mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-05 09:14:03 +00:00
o Add a comment to p_candebug() noting that the P_INEXEC check should
really be moved elsewhere: p_candebug() encapsulates the security policy decision, whereas the P_INEXEC check has to do with "correctness" regarding race conditions, rather than security policy. Example: even if no security protections were enforced (the "uids are advisory" model), removing P_INEXEC could result in incorrect operation due to races on credential evaluation and modification during execve(). Obtained from: TrustedBSD Project
This commit is contained in:
parent
06a9ff8e81
commit
5fab7614f4
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=85880
@ -1569,7 +1569,12 @@ p_candebug(struct proc *p1, struct proc *p2)
|
||||
return (error);
|
||||
}
|
||||
|
||||
/* can't trace a process that's currently exec'ing */
|
||||
/*
|
||||
* Can't trace a process that's currently exec'ing.
|
||||
* XXX: Note, this is not a security policy decision, it's a
|
||||
* basic correctness/functionality decision. Therefore, this check
|
||||
* should be moved to the caller's of p_candebug().
|
||||
*/
|
||||
if ((p2->p_flag & P_INEXEC) != 0)
|
||||
return (EAGAIN);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user