Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 5 Oct 2001 23:13:45 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.ORG>
To:        Dag-Erling Smorgrav <des@ofug.org>
Cc:        Peter Wemm <peter@wemm.org>, arch@FreeBSD.ORG
Subject:   Re: Removing ptrace(2)'s dependency on procfs(5)
Message-ID:  <Pine.NEB.3.96L.1011005230944.57665A-100000@fledge.watson.org>
In-Reply-To: <xzpzo76ry1w.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help 
I've already delivered some comments to you out-of-band, but here are a
couple more:

(1) Actually, this is a duplicate of an out-of-band one: using
    procfs_rwmem() as a function name in sys_process.c still jibes: are
    you sure you don't want to rename it now rather than waiting? :-) 

(2) For the security check:

+       if (uap->req != PT_TRACE_ME && (error = p_candebug(curp, p))) {         
+               PROC_UNLOCK(p);                                                 
+               return (error);                                                 
+       }                            

    Instead, modify p_candebug() to allow debugging of p1 by p1 always.
    Structuring the P_SYSTEM check that way is fine, as that's a syntax
    check, but since this case exempts the security check if it's
    PT_TRACE_ME, I'd rather we modify the security check.  Note that one
    benefit to doing it this way is that if the admin disables debugging
    globally using the existing policy sysctl, it also disables it for the
    current process.

Otherwise, looks good to me.  No doubt once it's committed, there will be
some further tweaks, but this is a cleanup I'm very happy to see happen.

Thanks!

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On 5 Oct 2001, Dag-Erling Smorgrav wrote:

> Dag-Erling Smorgrav <des@ofug.org> writes:
> > I've put up a new patch that places the prototypes in ptrace.h rather
> > than add a new header:
> 
> I left one instance of #include <sys/debug.h> in, so this patch
> wouldn't build.  The correct (and tested) patch is:
> 
>     http://people.freebsd.org/~des/software/ptrace-20011005b.diff
> 
> DES
> -- 
> Dag-Erling Smorgrav - des@ofug.org
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-arch" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1011005230944.57665A-100000>