Subject: Re: ktrace and P_SUGID
To: Simon J. Gerraty <sjg@crufty.net>
From: None <itojun@iijlab.net>
List: tech-security
Date: 06/29/2002 21:16:26
>>	the following line takes care of "invoked by root" case.
>
>>	if ((caller->pc_ucred->cr_uid == target->p_ruid &&
>>	     target->p_ruid == target->p_svuid &&
>>	     caller->p_rgid == target->p_rgid &&        /* XXX */
>>	     target->p_rgid == target->p_svgid &&
>>	     (targetp->p_traceflag & KTRFAC_ROOT) == 0 &&
>>	     (targetp->p_flag & P_SUGID) == 0) ||
>>	     caller->pc_ucred->cr_uid == 0)		<----
>>		return (1);
>Hmm, wouldn't it be better to test caller->pc_ucred->cr_uid == 0
>first?

	it won't make that much of a difference, as the first clause will not get
	evaluated all the way through if any of the sub-clauses fails.
	for instance, if
		caller->pc_ucred->cr_uid == target->p_ruid
	is false, the rest won't get evaluated.

itojun
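
The short-circuit behaviour discussed in this message, as an added example that is not part of the original post or the kernel source: a user-space C model of the quoted check that counts how many sub-clauses each ordering evaluates. The struct layouts, flag values, `CL` counter, `same_owner`, `ktrcanset_model` and `try_trace` are assumptions made for illustration.

```c
#include <stdio.h>
/* Placeholder flag bits for this model; not the kernel's real values. */
#define KTRFAC_ROOT 0x1u
#define P_SUGID     0x2u
/* Simplified stand-ins holding only the fields the quoted check reads. */
struct ucred { unsigned cr_uid; };
struct pcred { struct ucred *pc_ucred; unsigned p_ruid, p_svuid, p_rgid, p_svgid; };
struct proc  { struct pcred *p_cred; unsigned p_traceflag, p_flag; };
int evals;                    /* sub-clauses evaluated by the last call */
#define CL(e) (evals++, (e))  /* count a sub-clause, then yield its value */

/* The six-part ownership clause, shared by both orderings below. */
static int same_owner(struct pcred *caller, struct pcred *target, struct proc *targetp)
{
    return CL(caller->pc_ucred->cr_uid == target->p_ruid) &&
           CL(target->p_ruid == target->p_svuid) &&
           CL(caller->p_rgid == target->p_rgid) &&
           CL(target->p_rgid == target->p_svgid) &&
           CL((targetp->p_traceflag & KTRFAC_ROOT) == 0) &&
           CL((targetp->p_flag & P_SUGID) == 0);
}

/* root_first == 0: order as quoted; root_first == 1: root test moved first. */
int ktrcanset_model(int root_first, struct proc *callp, struct proc *targetp)
{
    struct pcred *caller = callp->p_cred, *target = targetp->p_cred;
    evals = 0;
    if (root_first)
        return CL(caller->pc_ucred->cr_uid == 0) || same_owner(caller, target, targetp);
    return same_owner(caller, target, targetp) || CL(caller->pc_ucred->cr_uid == 0);
}

/* Hypothetical helper: caller with uid (gid 100) traces a target owned by t_uid. */
int try_trace(int root_first, unsigned uid, unsigned t_uid, unsigned t_flag)
{
    struct ucred uc = { uid };
    struct pcred cc = { &uc, uid, uid, 100, 100 }, tc = { 0, t_uid, t_uid, 100, 100 };
    struct proc callp = { &cc, 0, 0 }, targetp = { &tc, 0, t_flag };
    return ktrcanset_model(root_first, &callp, &targetp);
}

int main(void)
{
    /* Constructed case: root caller, set-id target owned by uid 1000. */
    for (int rf = 0; rf < 2; rf++) {
        int ok = try_trace(rf, 0, 1000, P_SUGID);
        printf("root_first=%d: allowed=%d after %d sub-clauses\n", rf, ok, evals);
    }
    return 0;
}
```

Both orderings return the same decision for every input; only the number of sub-clauses evaluated differs, and by at most one except when a non-root caller passes all six ownership tests.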