cvs commit: src/sys/fs/procfs procfs.c
ghelmer at palisadesys.com
Fri Jun 2 19:16:46 UTC 2006
Dag-Erling Smørgrav wrote:
> Guy Helmer <ghelmer at FreeBSD.org> writes:
>> Revision 1.4 set access for all sensitive files in /proc/<PID> to mode 0
>> if a process's uid or gid has changed, but the /proc/<PID> directory
>> itself was also set to mode 0. Assuming this doesn't open any
>> security holes, open access to the /proc/<PID> directory for users
>> other than root to read or search the directory.
>> Reviewed by: des (back in February)
>> MFC after: 3 weeks
> In hindsight, I think I prefer the attached (untested) solution...
After applying this patch, /proc/<PID>/ctl is writable by the owner of a
--w------- 1 ph ph 0 Jun 2 13:54 ctl
(it used to be mode 000). Is that OK? It doesn't seem right to me...