Date: Sat, 22 Sep 2012 19:05:49 +0300 From: Andriy Gapon <avg@FreeBSD.org> To: freebsd-hackers <freebsd-hackers@FreeBSD.org>, freebsd-security@FreeBSD.org Subject: kern_exec: check p_tracecred instead of p_cred Message-ID: <505DE1DD.7070506@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
Currently even if root ktraces an unprivileged process that execs a sguid
executable, then tracing aborted at that point. I think that that happens
because wrong credentials are checked at that point.
What do you think about the following patch?
commit 956a80783bc39162b1d64383188c5037f9767413
Author: Andriy Gapon <avg@icyb.net.ua>
Date: Sat Sep 22 18:17:46 2012 +0300
kern_exec: check p_tracecred instead of p_cred
... when deciding whether to continue tracing across suid/sgid exec
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 90f7311..8d62c1e 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -694,7 +694,8 @@ interpret:
setsugid(p);
#ifdef KTRACE
- if (priv_check_cred(oldcred, PRIV_DEBUG_DIFFCRED, 0))
+ if (p->p_tracecred != NULL &&
+ priv_check_cred(p->p_tracecred, PRIV_DEBUG_DIFFCRED, 0))
ktrprocexec(p, &tracecred, &tracevp);
#endif
/*
--
Andriy Gapon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?505DE1DD.7070506>