
D33986.id101762.diff

D33986.id101762.diff

diff --git a/sys/compat/freebsd32/freebsd32_misc.c b/sys/compat/freebsd32/freebsd32_misc.c
--- a/sys/compat/freebsd32/freebsd32_misc.c
+++ b/sys/compat/freebsd32/freebsd32_misc.c
@@ -977,7 +977,11 @@
struct ptrace_sc_ret32 psr;
} r32;
void *addr;
- int data, error = 0, i;
+ int data, error, i;
+
+ if (!allow_ptrace)
+ return (ENOSYS);
+ error = 0;
AUDIT_ARG_PID(uap->pid);
AUDIT_ARG_CMD(uap->req);
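Review bot: The new `if (!allow_ptrace) return (ENOSYS);` runs before `AUDIT_ARG_PID(uap->pid)` and `AUDIT_ARG_CMD(uap->req)`, so a refused call presumably reaches the audit trail without the target pid or the request. With the knob switched off, that is exactly the event an operator would want recorded in full. Moving the check below the two `AUDIT_ARG_*` lines keeps the refusal cheap and preserves the arguments. The same ordering appears in the sys_process.c hunk further down. The enclosing function starts and ends outside this hunk.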
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -58,6 +58,7 @@
#include <sys/loginclass.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
+#include <sys/ptrace.h>
#include <sys/refcount.h>
#include <sys/sx.h>
#include <sys/priv.h>
@@ -1460,10 +1461,12 @@
int
p_cansee(struct thread *td, struct proc *p)
{
-
/* Wrap cr_cansee() for all functionality. */
KASSERT(td == curthread, ("%s: td not curthread", __func__));
PROC_LOCK_ASSERT(p, MA_OWNED);
+
+ if (td->td_proc == p)
+ return (0);
return (cr_cansee(td->td_ucred, p->p_ucred));
}
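Review bot: The retained comment `/* Wrap cr_cansee() for all functionality. */` is no longer accurate in p_cansee(), because the added `if (td->td_proc == p) return (0);` answers the self case without calling cr_cansee() at all. Any policy cr_cansee() applies is therefore skipped when a process looks at itself, and that should be stated where the next reader will see it. Suggested wording: `/* A process can always see itself; all other cases are decided by cr_cansee(). */`.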
@@ -1681,10 +1684,10 @@
KASSERT(td == curthread, ("%s: td not curthread", __func__));
PROC_LOCK_ASSERT(p, MA_OWNED);
- if ((error = priv_check(td, PRIV_DEBUG_UNPRIV)))
- return (error);
if (td->td_proc == p)
return (0);
+ if ((error = priv_check(td, PRIV_DEBUG_UNPRIV)))
+ return (error);
if ((error = prison_check(td->td_ucred, p->p_ucred)))
return (error);
#ifdef MAC
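Review bot: Moving `if (td->td_proc == p) return (0);` above `priv_check(td, PRIV_DEBUG_UNPRIV)` changes policy, not just ordering: a thread targeting its own process now succeeds even where that privilege check would have returned an error. If that is the intent, it deserves a comment at the check, for example `/* Self-targeted requests are exempt from the PRIV_DEBUG_UNPRIV policy. */`. The commit message should also name the callers that rely on the exemption, so the hardening impact can be judged. The function's signature and the rest of its checks lie outside this hunk.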
@@ -2483,3 +2486,8 @@
newcred->cr_svgid = svgid;
}
+
+bool allow_ptrace = true;
+SYSCTL_BOOL(_debug, OID_AUTO, allow_ptrace, CTLFLAG_RWTUN,
+ &allow_ptrace, 0,
+ "");
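Review bot: The `SYSCTL_BOOL` for `allow_ptrace` is registered with an empty description string, so `sysctl -d` will tell an administrator nothing about a knob that disables ptrace(2) system-wide. Something like `"Allow ptrace(2) syscall"` would do, ideally with a short comment above `bool allow_ptrace = true;` noting that both the native and freebsd32 entry points consult it. Because the flag is `CTLFLAG_RWTUN`, it can be turned back on at runtime by anyone able to write sysctls. If the knob is meant as a hardening control, document that, or consider making it settable only as a tunable.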
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -479,7 +479,11 @@
int ptevents;
} r;
void *addr;
- int error = 0;
+ int error;
+
+ if (!allow_ptrace)
+ return (ENOSYS);
+ error = 0;
AUDIT_ARG_PID(uap->pid);
AUDIT_ARG_CMD(uap->req);
diff --git a/sys/sys/ptrace.h b/sys/sys/ptrace.h
--- a/sys/sys/ptrace.h
+++ b/sys/sys/ptrace.h
@@ -243,6 +243,8 @@
void ptrace_unsuspend(struct proc *p);
+extern bool allow_ptrace;
+
#else /* !_KERNEL */
#include <sys/cdefs.h>
