cvs commit: src/sys/fs/procfs procfs.c
Dag-Erling Smørgrav
des at des.no
Fri Jun 2 12:36:14 UTC 2006
Guy Helmer <ghelmer at FreeBSD.org> writes:
> Log:
> Revision 1.4 set access for all sensitive files in /proc/<PID> to mode 0
> if a process's uid or gid has changed, but the /proc/<PID> directory
> itself was also set to mode 0. Assuming this doesn't open any
> security holes, open access to the /proc/<PID> directory for users
> other than root to read or search the directory.
>
> Reviewed by: des (back in February)
> MFC after: 3 weeks
In hindsight, I think I prefer the attached (untested) solution...
DES
--
Dag-Erling Smørgrav - des at des.no
-------------- next part --------------
A non-text attachment was scrubbed...
Name: procfs.diff
Type: text/x-patch
Size: 990 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-all/attachments/20060602/b03a5b0c/procfs.bin
More information about the cvs-all
mailing list