Date: Thu, 15 Feb 2007 14:35:22 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 114558 for review Message-ID: <200702151435.l1FEZMMn076851@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=114558 Change 114558 by rwatson@rwatson_cinnamon on 2007/02/15 14:34:57 Make privilege check for differing uids setting process flags via procfs the same as using other debugging mechanisms: allow in jail. Affected files ... .. //depot/projects/trustedbsd/priv/sys/fs/procfs/procfs_ioctl.c#7 edit Differences ... ==== //depot/projects/trustedbsd/priv/sys/fs/procfs/procfs_ioctl.c#7 (text+ko) ==== @@ -110,11 +110,9 @@ * XXXRW: Is this specific check required here, as * p_candebug() should implement it, or other checks * are missing. - * - * XXXRW: Other debugging privileges are granted in - * jail, why isn't this? */ - error = priv_check(td, PRIV_DEBUG_SUGID); + error = priv_check_cred(td->td_ucred, + PRIV_DEBUG_SUGID, SUSER_ALLOWJAIL); if (error) break; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200702151435.l1FEZMMn076851>