From 5fab7614f4f201cfa378f11f5523ebce0015ccab Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Fri, 2 Nov 2001 16:41:06 +0000 Subject: [PATCH] o Add a comment to p_candebug() noting that the P_INEXEC check should really be moved elsewhere: p_candebug() encapsulates the security policy decision, whereas the P_INEXEC check has to do with "correctness" regarding race conditions, rather than security policy. Example: even if no security protections were enforced (the "uids are advisory" model), removing P_INEXEC could result in incorrect operation due to races on credential evaluation and modification during execve(). Obtained from: TrustedBSD Project --- sys/kern/kern_prot.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 6a1789813c05..f98135a22e2a 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1569,7 +1569,12 @@ p_candebug(struct proc *p1, struct proc *p2) return (error); } - /* can't trace a process that's currently exec'ing */ + /* + * Can't trace a process that's currently exec'ing. + * XXX: Note, this is not a security policy decision, it's a + * basic correctness/functionality decision. Therefore, this check + * should be moved to the caller's of p_candebug(). + */ if ((p2->p_flag & P_INEXEC) != 0) return (EAGAIN);
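Review bot: the new comment block in the p_candebug() hunk has a grammar slip: "should be moved to the caller's of p_candebug()" should read "should be moved to the callers of p_candebug()". Since the change is comment-only and the `if ((p2->p_flag & P_INEXEC) != 0) return (EAGAIN);` check itself is untouched, behaviour is unchanged; it would help a future reader if the XXX note also stated that, until the check is moved, every caller still relies on p_candebug() returning EAGAIN to avoid racing credential evaluation against execve(), so the move has to add the check to each caller before it is removed here.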