Usage of priv_cred in sys/kern/kern_ktrace.c
Mateusz Guzik
mjguzik at gmail.com
Tue Jul 15 21:35:24 UTC 2008
Hi,
ktrace has the ability to set flag KTRFAC_ROOT, indicating that the
root user started tracing of the given process. It does the following:
if (priv_check(td, PRIV_KTRACE) == 0)
p->p_traceflag |= KTRFAC_ROOT;
I believe this check is wrong and should be changes to something like:
if (td->td_ucred->cr_uid == UID_ROOT)
p->p_traceflag |= KTRFAC_ROOT;
Also, despite the existence of PRIV_KTRACE, there's no way to disable
ktrace using the MAC framework, because priv_check is only used in case
described above.
Am I misintepreting something? If I'm right, what do You think about the
attached patch? :)
Thanks for Your time,
--
Mateusz Guzik <mjguzik at gmail.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ktrace.diff
Type: text/x-diff
Size: 2063 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20080715/05555820/ktrace.bin
More information about the freebsd-hackers
mailing list