cvs commit: src/sys/fs/procfs procfs.c
Guy Helmer
ghelmer at palisadesys.com
Fri Jun 2 19:16:44 UTC 2006
Dag-Erling Smørgrav wrote:
> Guy Helmer <ghelmer at FreeBSD.org> writes:
>
>> Log:
>> Revision 1.4 set access for all sensitive files in /proc/<PID> to mode 0
>> if a process's uid or gid has changed, but the /proc/<PID> directory
>> itself was also set to mode 0. Assuming this doesn't open any
>> security holes, open access to the /proc/<PID> directory for users
>> other than root to read or search the directory.
>>
>> Reviewed by: des (back in February)
>> MFC after: 3 weeks
>>
>
> In hindsight, I think I prefer the attached (untested) solution...
>
> DES
>
After applying this patch, /proc/<PID>/ctl is writable by the owner of a
P_SUGID process:
--w------- 1 ph ph 0 Jun 2 13:54 ctl
(it used to be mode 000). Is that OK? It doesn't seem right to me...
Guy