Message-ID: <44808E83.4070704@palisadesys.com>
Date: Fri, 02 Jun 2006 14:16:19 -0500
From: Guy Helmer
To: Dag-Erling Smørgrav
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, Guy Helmer, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/fs/procfs procfs.c
References: <200605241403.k4OE3pvp007556@repoman.freebsd.org> <86y7wf20qy.fsf@xps.des.no>
In-Reply-To: <86y7wf20qy.fsf@xps.des.no>

Dag-Erling Smørgrav wrote:
> Guy Helmer writes:
>
>> Log:
>> Revision 1.4 set access for all sensitive files in /proc/ to mode 0
>> if a process's uid or gid has changed, but the /proc/ directory
>> itself was also set to mode 0. Assuming this doesn't open any
>> security holes, open access to the /proc/ directory for users
>> other than root to read or search the directory.
>>
>> Reviewed by: des (back in February)
>> MFC after: 3 weeks
>>
>
> In hindsight, I think I prefer the attached (untested) solution...
>
> DES
>

After applying this patch, /proc//ctl is writable by the owner of a
P_SUGID process:

--w------- 1 ph ph 0 Jun 2 13:54 ctl

(it used to be mode 000). Is that OK? It doesn't seem right to me...

Guy