cvs commit: src/sys/fs/procfs procfs.c
des at des.no
Fri Jun 2 12:36:19 UTC 2006
Guy Helmer <ghelmer at FreeBSD.org> writes:
> Revision 1.4 set access for all sensitive files in /proc/<PID> to mode 0
> if a process's uid or gid has changed, but the /proc/<PID> directory
> itself was also set to mode 0. Assuming this doesn't open any
> security holes, open access to the /proc/<PID> directory for users
> other than root to read or search the directory.
> Reviewed by: des (back in February)
> MFC after: 3 weeks
In hindsight, I think I prefer the attached (untested) solution...
Dag-Erling Smørgrav - des at des.no
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 990 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20060602/b03a5b0c/procfs.bin
More information about the cvs-src