cvs commit: src/sys/fs/procfs procfs.c

Guy Helmer ghelmer at palisadesys.com
Fri Jun 2 19:16:44 UTC 2006


Dag-Erling Smørgrav wrote:
> Guy Helmer <ghelmer at FreeBSD.org> writes:
>   
>>   Log:
>>   Revision 1.4 set access for all sensitive files in /proc/<PID> to mode 0
>>   if a process's uid or gid has changed, but the /proc/<PID> directory
>>   itself was also set to mode 0.  Assuming this doesn't open any
>>   security holes, open access to the /proc/<PID> directory for users
>>   other than root to read or search the directory.
>>   
>>   Reviewed by:    des (back in February)
>>   MFC after:      3 weeks
>>     
>
> In hindsight, I think I prefer the attached (untested) solution...
>
> DES
>   
After applying this patch, /proc/<PID>/ctl is writable by the owner of a 
P_SUGID process:

--w-------  1 ph    ph     0 Jun  2 13:54 ctl

(it used to be mode 000).  Is that OK?  It doesn't seem right to me...

Guy



