Date: 06 Oct 2001 15:38:01 +0200 From: Dag-Erling Smorgrav <des@ofug.org> To: Robert Watson <rwatson@FreeBSD.ORG> Cc: Peter Wemm <peter@wemm.org>, arch@FreeBSD.ORG Subject: Re: Removing ptrace(2)'s dependency on procfs(5) Message-ID: <xzpr8sgrirq.fsf@flood.ping.uio.no> In-Reply-To: <Pine.NEB.3.96L.1011006091037.66473B-100000@fledge.watson.org> References: <Pine.NEB.3.96L.1011006091037.66473B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson <rwatson@FreeBSD.ORG> writes: > On 6 Oct 2001, Dag-Erling Smorgrav wrote: > > Should I also change p_candebug() to always deny the request if p2 is a > > system process? That will save quite a lot of checks in ptrace() and > > procfs, and possibly some other places as well. > Hmm. An interesting question. [...] > > If the P_SYSTEM check is first, and returns (EINVAL), then a jailed > process can enumerate the system process space. Not a huge risk, but not > quite in keeping with the intent of p_cansee(). > > Another choice is to put the check in p_candebug(). [...] I'm confused - I think you misread my question; I was suggesting adding the P_SYSTEM check to p_candebug(), not p_cansee(). If you did not misread my question, you'll have to clarify what you meant in the above three paragraphs :) DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpr8sgrirq.fsf>