mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-05 09:14:03 +00:00
o Add a comment to p_candebug() noting that the P_INEXEC check should
  really be moved elsewhere: p_candebug() encapsulates the security policy decision, whereas the P_INEXEC check has to do with "correctness" regarding race conditions, rather than security policy.

  Example: even if no security protections were enforced (the "uids are advisory" model), removing P_INEXEC could result in incorrect operation due to races on credential evaluation and modification during execve().

Obtained from: TrustedBSD Project
parent 06a9ff8e81
commit 5fab7614f4
Notes: svn2git, 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=85880
@ -1569,7 +1569,12 @@ p_candebug(struct proc *p1, struct proc *p2)
|
|||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* can't trace a process that's currently exec'ing */
|
/*
|
||||||
|
* Can't trace a process that's currently exec'ing.
|
||||||
|
* XXX: Note, this is not a security policy decision, it's a
|
||||||
|
* basic correctness/functionality decision. Therefore, this check
|
||||||
|
* should be moved to the caller's of p_candebug().
|
||||||
|
*/
|
||||||
if ((p2->p_flag & P_INEXEC) != 0)
|
if ((p2->p_flag & P_INEXEC) != 0)
|
||||||
return (EAGAIN);
|
return (EAGAIN);
|
||||||
|
|
||||||
|
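Review bot: The new XXX comment above the `P_INEXEC` test says the check "should be moved to the caller's of p_candebug()" but does not say which callers, or what they are expected to do with `EAGAIN`, so whoever does the move later has to rediscover both. Since the test sits after the policy checks and shares their return path, a caller currently cannot tell a policy denial apart from this transient exec-in-progress condition except by the errno value; it is worth stating in the comment that `EAGAIN` here means "retry later", not "denied". Style point in the same comment: "caller's" should be "callers".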