D40626.id127909.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D40626.id127909.diff
View Options

	diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
	--- a/sys/kern/kern_jail.c
	+++ b/sys/kern/kern_jail.c
	@@ -3939,6 +3939,7 @@
	*/
	case PRIV_SEEOTHERGIDS:
	case PRIV_SEEOTHERUIDS:
	+ case PRIV_SEEJAILPROC:

	/*
	* Jail implements inter-process debugging limits already, so
	diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
	--- a/sys/kern/kern_prot.c
	+++ b/sys/kern/kern_prot.c
	@@ -1426,9 +1426,12 @@
	int
	cr_canseejailproc(struct ucred u1, struct ucred u2)
	{
	- if (u1->cr_uid == 0)
	+ if (see_jail_proc \|\| /* Policy deactivated. */
	+ u1->cr_prison == u2->cr_prison \|\| /* Same jail. */
	+ priv_check_cred(u1, PRIV_SEEJAILPROC) == 0) /* Privileged. */
	return (0);
	- return (!see_jail_proc && u1->cr_prison != u2->cr_prison ? ESRCH : 0);
	+
	+ return (ESRCH);
	}

	/*-
	diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
	--- a/sys/security/mac_biba/mac_biba.c
	+++ b/sys/security/mac_biba/mac_biba.c
	@@ -1924,6 +1924,7 @@
	*/
	case PRIV_SEEOTHERGIDS:
	case PRIV_SEEOTHERUIDS:
	+ case PRIV_SEEJAILPROC:
	break;

	/*
	diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
	--- a/sys/security/mac_lomac/mac_lomac.c
	+++ b/sys/security/mac_lomac/mac_lomac.c
	@@ -1702,6 +1702,7 @@
	*/
	case PRIV_SEEOTHERGIDS:
	case PRIV_SEEOTHERUIDS:
	+ case PRIV_SEEJAILPROC:
	break;

	/*
	diff --git a/sys/sys/priv.h b/sys/sys/priv.h
	--- a/sys/sys/priv.h
	+++ b/sys/sys/priv.h
	@@ -105,6 +105,7 @@
	#define PRIV_CRED_SETRESGID 58 /* setresgid. */
	#define PRIV_SEEOTHERGIDS 59 /* Exempt bsd.seeothergids. */
	#define PRIV_SEEOTHERUIDS 60 /* Exempt bsd.seeotheruids. */
	+#define PRIV_SEEJAILPROC 61 /* Exempt from bsd.see_jail_proc. */

	/*
	* Debugging privileges.

File Metadata

Mime Type: text/plain
Expires: Sun, Dec 22, 6:57 AM (2 h, 42 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 15551328
Default Alt Text: D40626.id127909.diff (1 KB)

D40626.id127909.diffNo OneTemporaryActions

D40626.id127909.diffView Options

File Metadata

Event Timeline

D40626.id127909.diff
No OneTemporary
Actions

D40626.id127909.diff
View Options