Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 10 Aug 1997 16:55:01 -0400 (EDT)
From:      Brian Mitchell <brian@firehouse.net>
To:        freebsd-security@freebsd.org
Subject:   procfs patch
Message-ID:  <Pine.NEB.3.96.970810165359.205A-100000@apocalypse.saturn.net>

next in thread | raw e-mail | index | archive | help
Enclosed is a patch that seems to work ok on my system. Extensive testing
has not been done. There's probably a much better way to do this.

diff -c procfs_old/procfs_ctl.c procfs/procfs_ctl.c
*** procfs_old/procfs_ctl.c	Sun Aug 10 15:05:48 1997
--- procfs/procfs_ctl.c	Sun Aug 10 16:37:59 1997
***************
*** 121,126 ****
--- 121,129 ----
  {
  	int error;
  
+ 	/* if we have trace flag set, fail */
+ 	if(p->p_flag & P_SUGID)
+ 		return (EPERM);
  	/*
  	 * Attach - attaches the target process for debugging
  	 * by the calling process.
diff -c procfs_old/procfs_fpregs.c procfs/procfs_fpregs.c
*** procfs_old/procfs_fpregs.c	Sun Aug 10 15:05:47 1997
--- procfs/procfs_fpregs.c	Sun Aug 10 16:38:14 1997
***************
*** 62,67 ****
--- 62,69 ----
  	char *kv;
  	int kl;
  
+ 	if(p->p_flag & P_SUGID)
+ 		return (EPERM);
  	kl = sizeof(r);
  	kv = (char *) &r;
  
diff -c procfs_old/procfs_map.c procfs/procfs_map.c
*** procfs_old/procfs_map.c	Sun Aug 10 15:05:47 1997
--- procfs/procfs_map.c	Sun Aug 10 16:35:41 1997
***************
*** 96,101 ****
--- 96,103 ----
  	vm_map_entry_t entry;
  	char mebuffer[MEBUFFERSIZE];
  
+ 	if(p->p_flag & P_SUGID)
+ 		return (EPERM);
  	if (uio->uio_rw != UIO_READ)
  		return (EOPNOTSUPP);
  
diff -c procfs_old/procfs_mem.c procfs/procfs_mem.c
*** procfs_old/procfs_mem.c	Sun Aug 10 15:05:47 1997
--- procfs/procfs_mem.c	Sun Aug 10 16:39:01 1997
***************
*** 297,302 ****
--- 297,304 ----
  {
  	int error;
  
+ 	if(p->p_flag & P_SUGID)
+ 		return (EPERM);
  	if (uio->uio_resid == 0)
  		return (0);
  
diff -c procfs_old/procfs_note.c procfs/procfs_note.c
*** procfs_old/procfs_note.c	Sun Aug 10 15:05:47 1997
--- procfs/procfs_note.c	Sun Aug 10 16:36:19 1997
***************
*** 59,64 ****
--- 59,66 ----
  	int error;
  	char note[PROCFS_NOTELEN+1];
  
+ 	if(p->p_flag & P_SUGID)
+ 		return (EPERM);
  	if (uio->uio_rw != UIO_WRITE)
  		return (EINVAL);
  
diff -c procfs_old/procfs_regs.c procfs/procfs_regs.c
*** procfs_old/procfs_regs.c	Sun Aug 10 15:05:47 1997
--- procfs/procfs_regs.c	Sun Aug 10 16:36:39 1997
***************
*** 62,67 ****
--- 62,69 ----
  	char *kv;
  	int kl;
  
+ 	if(p->p_flag & P_SUGID)
+ 		return (EPERM);
  	kl = sizeof(r);
  	kv = (char *) &r;
  
diff -c procfs_old/procfs_status.c procfs/procfs_status.c
*** procfs_old/procfs_status.c	Sun Aug 10 15:05:47 1997
--- procfs/procfs_status.c	Sun Aug 10 16:36:55 1997
***************
*** 69,74 ****
--- 69,76 ----
  	int error;
  	char psbuf[256];		/* XXX - conservative */
  
+ 	if(p->p_flag & P_SUGID)
+ 		return (EPERM);
  	if (uio->uio_rw != UIO_READ)
  		return (EOPNOTSUPP);
  
diff -c procfs_old/procfs_type.c procfs/procfs_type.c
*** procfs_old/procfs_type.c	Sun Aug 10 15:05:47 1997
--- procfs/procfs_type.c	Sun Aug 10 16:37:15 1997
***************
*** 65,70 ****
--- 65,72 ----
  	char mebuffer[256];
  	char *none = "Not Available";
  
+ 	if(p->p_flag & P_SUGID)
+ 		return (EPERM);
  	if (uio->uio_rw != UIO_READ)
  		return (EOPNOTSUPP);
  




Brian Mitchell                                  brian@firehouse.net
"BSD code sucks. Of course, everything else sucks far more."
- Theo de Raadt (OpenBSD President)





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96.970810165359.205A-100000>