[src/kqueue]: src/sys/kern filt_procattach() when attaching knote to a proces...

[jdolecek <jdolecek%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/e2bedace9fa5
branches:  kqueue
changeset: 512536:e2bedace9fa5
user:      jdolecek <jdolecek%NetBSD.org@localhost>
date:      Tue Oct 01 20:29:33 2002 +0000

description:
filt_procattach() when attaching knote to a process, check that the current
process has either same uid, or is run by superuser; this fixes botch
in the import of the code to NetBSD, when the permissions check was removed
from original FreeBSD code

Brought to my attention by report of diffent issue by
Peter Werner <Peter.Werner at wgsn dot com>.

Actual code for the check taken from OpenBSD; FreeBSD version of the check
is different enough to not be directly usable.

diffstat:

 sys/kern/kern_event.c |  11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diffs (25 lines):

diff -r 371af3cb2f8e -r e2bedace9fa5 sys/kern/kern_event.c
--- a/sys/kern/kern_event.c     Mon Sep 30 20:43:39 2002 +0000
+++ b/sys/kern/kern_event.c     Tue Oct 01 20:29:33 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_event.c,v 1.1.1.1.2.15 2002/09/18 20:48:55 jdolecek Exp $ */
+/*     $NetBSD: kern_event.c,v 1.1.1.1.2.16 2002/10/01 20:29:33 jdolecek Exp $ */
 /*-
  * Copyright (c) 1999,2000,2001 Jonathan Lemon <jlemon%FreeBSD.org@localhost>
  * All rights reserved.
@@ -362,6 +362,15 @@
        if (p == NULL)
                return (ESRCH);
 
+       /*
+        * Fail if it's not owned by you, or the last exec gave us
+        * setuid/setgid privs (unless you're root).
+        */
+       if ((p->p_cred->p_ruid != curproc->p_cred->p_ruid ||
+               (p->p_flag & P_SUGID))
+           && suser(curproc->p_ucred, &curproc->p_acflag) != 0)
+               return (EACCES);
+
        kn->kn_ptr.p_proc = p;
        kn->kn_flags |= EV_CLEAR;       /* automatically set */