Subject: Re: ktrace and P_SUGID
To: None <kre@munnari.oz.au>
From: None <cgd@broadcom.com>
List: tech-security
Date: 07/10/2002 18:39:26
At Sun, 30 Jun 2002 05:26:40 +0000 (UTC), "Robert Elz" wrote:
>   | 	there are other uses of "cr_uid == 0" in sys/kern.  could you
>   | 	check if any of these are incorrect or not?
>   | 	(obviously, the one within suser() is okay)
> 
> The obvious one, and the other one in ktrace.c are OK as they are.
> The other 3 are incorrect.

I came to the latter conclusion as well, but wasn't so sure about the
other use in ktrace.c.

from a quick read:

the use of uid == 0 in ktrops() sets KTRFAC_ROOT, which is later used in
ktrcanset() to determine settability of options and allows them when
they otherwise would not be allowed, correct?

So, I _think_ that if ktrcanset() has to resort to the KTRFAC_ROOT
test and that test succeeds, the 'curp' from the call to ktrops()
should have its ASU flag set.

This would seem to be ... difficult to resolve in a sane way.  8-)

The whole game of ... delayed privilege evaluation involving
KTRFAC_ROOT seems a bit dubious if you're trying to set the ASU bit
correctly.



chris