From 364e5bfeb67226e5ae5ead5ffd5deac0095e2c25 Mon Sep 17 00:00:00 2001
From: des <des@FreeBSD.org>
Date: Mon, 18 Feb 2002 21:41:11 +0000
Subject: Paranoia: if the process is setugid, set all sensitive files mode 0.

---
 sys/fs/procfs/procfs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'sys/fs/procfs')

diff --git a/sys/fs/procfs/procfs.c b/sys/fs/procfs/procfs.c
index 76c128f..6d6162e 100644
--- a/sys/fs/procfs/procfs.c
+++ b/sys/fs/procfs/procfs.c
@@ -94,7 +94,9 @@ int
 procfs_attr(PFS_ATTR_ARGS)
 {
 	/* XXX inefficient, split into separate functions */
-	if (strcmp(pn->pn_name, "ctl") == 0 ||
+	if (p->p_flag & P_SUGID)
+		vap->va_mode = 0;
+	else if (strcmp(pn->pn_name, "ctl") == 0 ||
 	    strcmp(pn->pn_name, "note") == 0 ||
 	    strcmp(pn->pn_name, "notepg") == 0)
 		vap->va_mode = 0200;
-- 
cgit v1.1