Date:      Fri, 23 Jul 1999 22:12:29 -0700 (PDT)
From:      <jkoshy@FreeBSD.org>
To:        freebsd-hackers@freebsd.org
Subject:   deny ktrace without read permissions?
Message-ID:  <199907240512.WAA19120@freefall.freebsd.org>



PR bin/3546 asks that `ktrace(1)' not be allowed on files that do not have
read permissions for the user attempting to execute them.

The intent of this change is to prevent a user from seeing how an
executable with '--x--x--x' perms works by ktrace'ing its execution.  

My question to the -hackers is: is this a useful semantic?  Would it break
anything if added?

A patch to "/sys/kern/kern_exec.c" that adds this functionality is attached
for those who would like to play with the change.

Regards,
Koshy

Index: /sys/kern/kern_exec.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_exec.c,v
retrieving revision 1.99
diff -u -r1.99 kern_exec.c
--- kern_exec.c	1999/04/27 11:15:55	1.99
+++ kern_exec.c	1999/07/24 10:35:09
@@ -26,6 +26,8 @@
  *	$Id: kern_exec.c,v 1.99 1999/04/27 11:15:55 phk Exp $
  */
 
+#include "opt_ktrace.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/sysproto.h>
@@ -48,6 +50,9 @@
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
 #include <sys/buf.h>
+#ifdef KTRACE
+#include <sys/ktrace.h>
+#endif
 
 #include <vm/vm.h>
 #include <vm/vm_param.h>
@@ -650,6 +655,7 @@
 	struct vnode *vp = imgp->vp;
 	struct vattr *attr = imgp->attr;
 	int error;
+	int mode;
 
 	/* Get file attributes */
 	error = VOP_GETATTR(vp, attr, p->p_ucred, p);
@@ -677,9 +683,14 @@
 		return (ENOEXEC);
 
 	/*
-	 *  Check for execute permission to file based on current credentials.
+	 * Check for execute permission to file based on current credentials.
 	 */
-	error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p);
+	mode = VEXEC;
+#ifdef KTRACE
+	if (p->p_traceflag & KTRFAC_MASK)
+		mode |= VREAD;
+#endif
+	error = VOP_ACCESS(vp, mode, p->p_ucred, p);
 	if (error)
 		return (error);
 
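Review bot: at the `mode |= VREAD` branch, a traced process without read permission on the image now gets the VOP_ACCESS error back, so exec of a '--x--x--x' binary fails outright under ktrace instead of running with tracing suppressed. If the goal is only to hide how the program works, consider keeping the VEXEC-only check and handling the missing read permission on the tracing side, or state in the comment and the ktrace(1) manual page that exec is refused. The comment above the check still says only "execute permission" and should mention the added read check. This test also runs only at exec time, keyed on `p->p_traceflag` being set already, so the patch as shown does not cover tracing that is enabled on the process after the image has been loaded.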



