o Add a comment to p_candebug() noting that the P_INEXEC check should

really be moved elsewhere: p_candebug() encapsulates the security policy decision, whereas the P_INEXEC check has to do with "correctness" regarding race conditions, rather than security policy. Example: even if no security protections were enforced (the "uids are advisory" model), removing P_INEXEC could result in incorrect operation due to races on credential evaluation and modification during execve(). Obtained from: TrustedBSD Project
svn path=/head/; revision=85880
2024-12-04 09:09:56 +00:00 · 2001-11-02 16:41:06 +00:00 · 2001-11-02 16:41:06 +00:00 · 5fab7614f4 · 2020-12-20 02:59:44 +00:00
commit 5fab7614f4
parent 06a9ff8e81
1 changed files with 6 additions and 1 deletions
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@ -1569,7 +1569,12 @@ p_candebug(struct proc *p1, struct proc *p2)
 			return (error);
 	}

-	/* can't trace a process that's currently exec'ing */
+	/*
+	 * Can't trace a process that's currently exec'ing.
+	 * XXX: Note, this is not a security policy decision, it's a
+	 * basic correctness/functionality decision.  Therefore, this check
+	 * should be moved to the caller's of p_candebug().
+	 */
 	if ((p2->p_flag & P_INEXEC) != 0)
 		return (EAGAIN);