From 4042a41aefa37363843b47eb3c9750e91c6dd37a Mon Sep 17 00:00:00 2001
From: kib
Date: Tue, 3 Nov 2015 08:31:01 +0000
Subject: MFC r289660,r289664: Do not allow to execute ptrace(PT_TRACE_ME) when the process is already traced or when there is no parent which can trace the process.
---
 sys/kern/sys_process.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
(limited to 'sys/kern')
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
index a3a861f..5efec4f 100644
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -442,7 +442,7 @@ ptrace_vm_entry(struct thread *td, struct proc *p, struct ptrace_vm_entry *pve)
 }
 #ifdef COMPAT_FREEBSD32
-static int
+static int
 ptrace_vm_entry32(struct thread *td, struct proc *p, struct ptrace_vm_entry32 *pve32)
 {
@@ -743,7 +743,18 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
 */
 switch (req) {
 case PT_TRACE_ME:
- /* Always legal. */
+ /*
+ * Always legal, when there is a parent process which
+ * could trace us. Otherwise, reject.
+ */
+ if ((p->p_flag & P_TRACED) != 0) {
+ error = EBUSY;
+ goto fail;
+ }
+ if (p->p_pptr == initproc) {
+ error = EPERM;
+ goto fail;
+ }
 break;
 case PT_ATTACH:
--
cgit v1.1
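Review bot: The new comment above the PT_TRACE_ME checks describes only the missing-parent case; the first check, which returns EBUSY when `P_TRACED` is already set, is not mentioned, and the comment does not say that `p->p_pptr == initproc` is the test for "no parent which can trace the process". I would reword it along the lines of `/* Legal only if we are not already traced (EBUSY) and our parent is not init, i.e. some parent could trace us (EPERM otherwise). */`. Both checks read `p->p_flag` and `p->p_pptr`, so they depend on whatever process and process-tree locking the enclosing code holds at this point; kern_ptrace and the switch start and end outside the hunk, so that cannot be confirmed from here. The diffstat touches only sys/kern/sys_process.c, so the two new errno values for PT_TRACE_ME may still need to be listed in the ptrace manual page.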