Source-Changes-HG archive


[src/trunk]: src/sys/dev/filemon Ensure that the PID specified in the FILEMON...



details:   https://anonhg.NetBSD.org/src/rev/26009b50c056
branches:  trunk
changeset: 341727:26009b50c056
user:      pgoyette <pgoyette%NetBSD.org@localhost>
date:      Fri Nov 20 02:58:19 2015 +0000

description:
Ensure that the PID specified in the FILEMON_SET_PID ioctl() call
belongs to the caller or one of its descendants.

diffstat:

 sys/dev/filemon/filemon.c |  24 ++++++++++++++++++++++--
 1 files changed, 22 insertions(+), 2 deletions(-)

diffs (48 lines):

diff -r 68c53f493dfc -r 26009b50c056 sys/dev/filemon/filemon.c
--- a/sys/dev/filemon/filemon.c Fri Nov 20 01:33:59 2015 +0000
+++ b/sys/dev/filemon/filemon.c Fri Nov 20 02:58:19 2015 +0000
@@ -24,7 +24,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: filemon.c,v 1.14 2015/11/20 01:33:59 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: filemon.c,v 1.15 2015/11/20 02:58:19 pgoyette Exp $");
 
 #include <sys/param.h>
 #include <sys/kernel.h>
@@ -278,7 +278,7 @@
 {
        int error = 0;
        struct filemon *filemon;
-       struct proc *tp;
+       struct proc *tp, *lp, *p;
 
 #ifdef DEBUG
        log(logLevel, "filemon_ioctl(%lu)", cmd);;
@@ -313,6 +313,26 @@
                        error = ESRCH;
                        break;
                }
+
+               /* Ensure that target proc is a descendant of curproc */
+               p = tp;
+               while (p) {
+                       /*
+                        * make sure p cannot exit
+                        * until we have moved on to p_pptr
+                        */
+                       rw_enter(&p->p_reflock, RW_READER);
+                       if (p == curproc) {
+                               rw_exit(&p->p_reflock);
+                               break;
+                       }
+                       lp = p;
+                       p = p->p_pptr;
+                       rw_exit(&lp->p_reflock);
+               }
+               if (p == NULL)
+                       return EPERM;
+
                error = kauth_authorize_process(curproc->p_cred,
                    KAUTH_PROCESS_CANSEE, tp,
                    KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL);
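Review bot: The added `if (p == NULL) return EPERM;` leaves the function directly, while the ESRCH path just above it in the same case sets `error` and uses `break`; if filemon_ioctl takes a lock before the switch or releases anything after it (neither is visible in this hunk), the EPERM path skips that and returns with it still held. Writing it as `if (p == NULL) { error = EPERM; break; }` keeps a single exit path. Separately, the ancestor walk drops `lp->p_reflock` before the next iteration takes the parent's lock, so the parent is briefly unreferenced, and `p_pptr` is read under `p_reflock` only. It is worth confirming whether the traversal should run under the lock that protects the process tree (presumably `proc_lock`), and adding a comment that says which lock keeps `tp` and each ancestor alive. The enclosing function starts and ends outside the hunk.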


