From nobody Sat Jan 22 17:37:23 2022
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 22E66196CB6D;
	Sat, 22 Jan 2022 17:37:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Jh3NN0Smzz3v0k;
	Sat, 22 Jan 2022 17:37:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1642873044;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=eKbpLY2pZZU/RtVDDmhzSjVOyHk/xemPGAgwqDAQZh4=;
	b=LEgzm4CUPJswoHVXbpMoC7Zl5ahjvDlj4pHaExTaig78dNhIjkynGF4/RrFF3JooWn8g6Y
	s0RmZzxydMLXtROfFiOXyZ7znGdUk4k6TzmgWA7jBtHLLMXZmosWhwJvJquF4YHtJVeZ8Y
	t97ykamkDc9zs+Dl8ATffgWnx1Fw+2WB9plxOHElKH2mpa55NcgROmV/AlHn9R7vEMNZ9L
	8BQlxiFfMHoF6mpRfO22xNHXlYtk4gQiKlexnrk67OE6/t7JCb5ZiIZyMSjKNBSnRCEl+g
	bj2GwXVLEsX0HCG153WFuCct3O8TaZTG3J7o0xcLnfbgm2o8oXpcqrncOoBJ0A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E458A133CF;
	Sat, 22 Jan 2022 17:37:23 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 20MHbNo8040125;
	Sat, 22 Jan 2022 17:37:23 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 20MHbNrP040124;
	Sat, 22 Jan 2022 17:37:23 GMT
	(envelope-from git)
Date: Sat, 22 Jan 2022 17:37:23 GMT
Message-Id: <202201221737.20MHbNrP040124@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Konstantin Belousov <kib@FreeBSD.org>
Subject: git: 55a0aa21628a - main - p_candebug(), p_cansee(): always allow for curproc
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 55a0aa21628ad7b3bd8d6a42e51d79867d8996a9
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1642873044;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=eKbpLY2pZZU/RtVDDmhzSjVOyHk/xemPGAgwqDAQZh4=;
	b=slQ5KqwpR48kvVjafI3sNVzyCqlVPUyKxR+j7iNgy34NQjVt0aQMJ6rcB75tEWs9scKHrr
	2ZagDoeA3XqAX1qHB1K64h8deZNE/W4oM5lQCWL05p7BGMTi3FzH8A1h9Hvp/RVomlXg4/
	wygXYOA7A2F9WqyrTDblfgpiV/mitywD6Kb3IgOi2O3kusr/5v8mY9Wn9yReO0XezsqAyf
	3w/hASlsQ54L5VqpuKuYp2hy3xbA+Z8FIhgzLPz4yltKcQ3whL1o1gy+4wfLghNMYqJ39F
	9yiQmn+/K7wXJXqEuhrEqcdgdUC+IZHx0d42NeK8mvTemfFgA3aHmIpTQh7ZHQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1642873044; a=rsa-sha256; cv=none;
	b=Ht+puvdA6Ntuc9xRUnMb8u471tFSFcaxBLtWE2MDysdx4WulPcOXYljsYR8AKhJFZuYBSo
	qR1DhUa7HgTjEjqlbCSIKABI4IqtxcpzpTwqDn7sxHECCscnN5gYwc7wA2aqMAQkBy1JtD
	Z33EvrQBnFmEPCq1vQQMk/1Joz6P8vZPkh25nP1KZRVe6HikCFuZ+DbHnTzqPNlRBTmuBZ
	FAtpQDH/pn24InXtEh8dDGal5AAbwCt1wl+RT5xRFDbBAEBECaKROC958GsHV4T9dMHyF9
	j8D+rPOW27ZmoQRKOudwaDU1vah3jNQY9ebtIEwLfjs+sqH28TYfP9rH30rTCA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=55a0aa21628ad7b3bd8d6a42e51d79867d8996a9

commit 55a0aa21628ad7b3bd8d6a42e51d79867d8996a9
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2022-01-21 15:29:17 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2022-01-22 17:36:56 +0000

    p_candebug(), p_cansee(): always allow for curproc
    
    Privilege checks in both functions should allow the current process to
    infer information about itself, as well as use the interfaces that are
    proclaimed 'debugging', for instance, procctl(2).
    
    Note that in p_cansee() case, explicit comparision of curproc and p
    avoids a race where the process might change credentials and cause
    thread to compare its cached stale credentials against updated process
    creds, effectively disallowing the process to observe itself.
    
    Reviewed by:    emaste
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D33986
---
 sys/kern/kern_prot.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 647acfa60681..0031465f081d 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1460,10 +1460,12 @@ cr_cansee(struct ucred *u1, struct ucred *u2)
 int
 p_cansee(struct thread *td, struct proc *p)
 {
-
 	/* Wrap cr_cansee() for all functionality. */
 	KASSERT(td == curthread, ("%s: td not curthread", __func__));
 	PROC_LOCK_ASSERT(p, MA_OWNED);
+
+	if (td->td_proc == p)
+		return (0);
 	return (cr_cansee(td->td_ucred, p->p_ucred));
 }
 
@@ -1681,10 +1683,10 @@ p_candebug(struct thread *td, struct proc *p)
 
 	KASSERT(td == curthread, ("%s: td not curthread", __func__));
 	PROC_LOCK_ASSERT(p, MA_OWNED);
-	if ((error = priv_check(td, PRIV_DEBUG_UNPRIV)))
-		return (error);
 	if (td->td_proc == p)
 		return (0);
+	if ((error = priv_check(td, PRIV_DEBUG_UNPRIV)))
+		return (error);
 	if ((error = prison_check(td->td_ucred, p->p_ucred)))
 		return (error);
 #ifdef MAC