Commit 1f044325 authored by Shawn Webb

HBSD: Fix kernel-side of procctl(2) cansee/candebug generally

When a non-zero PID value is passed to procctl(2), procctl verifies that
the caller has the right to observe the target. We should treat passing
in the caller's own PID as the same as passing in 0, in which the
cansee/candebug check is bypassed.

This fixes in a more general fashion the bug that OpenSSH manifested,
which I had fixed in commit cc791ab8.

Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
parent cc791ab8
......@@ -939,9 +939,9 @@ kern_procctl(struct thread *td, idtype_t idtype, id_t id, int com, void *data)
switch (idtype) {
case P_PID:
error = 0;
if (id == 0) {
p = td->td_proc;
error = 0;
PROC_LOCK(p);
} else {
p = pfind(id);
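Review bot: The `error = 0;` directly under `case P_PID:` has to be the only initialisation on this path, because the later hunk leaves `error` unassigned in the `else` branch whenever `p == td->td_proc`. The copy inside `if (id == 0)` should be gone once this lands. A one-line comment on the hoisted assignment, saying that both the `id == 0` path and the own-PID path depend on it, would stop a later cleanup from moving it back into the branch and letting a stale `error` reach the `if (error == 0)` test.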
......@@ -950,8 +950,9 @@ kern_procctl(struct thread *td, idtype_t idtype, id_t id, int com, void *data)
EINVAL : ESRCH;
break;
}
error = cmd_info->need_candebug ? p_candebug(td, p) :
p_cansee(td, p);
if (p != td->td_proc)
error = cmd_info->need_candebug ?
p_candebug(td, p) : p_cansee(td, p);
}
if (error == 0)
error = kern_procctl_single(td, p, com, data);
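Review bot: The new `if (p != td->td_proc)` guard skips `p_candebug()` as well as `p_cansee()` for the caller's own process, and nothing at that line says this is deliberate. Please add a comment above the guard stating that passing the caller's own PID is meant to behave exactly like `id == 0`, and confirm that no command with `cmd_info->need_candebug` set depends on `p_candebug()` being evaluated against the calling process. Since `kern_procctl_single()` is now reached for self with no visibility or debug check on either route, a regression test that issues the same command with `id == 0` and with the caller's own PID and expects identical results would document the intended equivalence.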