authorDag-Erling Smørgrav <des@FreeBSD.org>2002-07-11 16:47:55 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2002-07-11 16:47:55 +0000
commit1a6496aa3fb8824f56168d99e46c484cf3980670 (patch)
tree6c456c86e69ca38ddb872381480d6a9533ec765f
parent2e6ab48414fb2a99a016787e384f5e99f765674f (diff)
Notes
-rw-r--r--UPDATING3
-rw-r--r--sys/kern/kern_ktrace.c3
2 files changed, 5 insertions, 1 deletions
diff --git a/UPDATING b/UPDATING
index 10e5f9c1223f..973506ec7c11 100644
--- a/UPDATING
+++ b/UPDATING
@@ -19,6 +19,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20020711: FreeBSD-SA-02:30.ktrace
+ Prevent users from tracing previously privileged processes.
+
20020626: p7 FreeBSD-SA-02:28.resolv
A fix for a buffer overflow in libc has been corrected.
diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index c535097ace32..7a453d46608b 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -571,7 +571,8 @@ ktrcanset(callp, targetp)
target->p_ruid == target->p_svuid &&
caller->p_rgid == target->p_rgid && /* XXX */
target->p_rgid == target->p_svgid &&
- (targetp->p_traceflag & KTRFAC_ROOT) == 0) ||
+ (targetp->p_traceflag & KTRFAC_ROOT) == 0 &&
+ (targetp->p_flag & P_SUGID) == 0) ||
caller->pc_ucred->cr_uid == 0)
return (1);
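Review bot: The new `(targetp->p_flag & P_SUGID) == 0` term in ktrcanset's condition has no comment saying why it is needed when the uid/gid comparisons above it already pass, so a later reader may take it for redundant and drop it. I would add a comment on the line before it, for example `/* ids may match again after privilege is dropped; P_SUGID still marks such a process */`, which is the case the UPDATING entry calls "previously privileged processes". The test is evaluated when tracing is requested, so a target that acquires the flag after tracing has begun is presumably handled elsewhere; that code is not in this hunk and is worth confirming. The function's opening `if (` and its tail lie outside the hunk.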