Dag-Erling Smørgrav wrote:
> Guy Helmer <[EMAIL PROTECTED]> writes:
> > Log:
> > Revision 1.4 set access for all sensitive files in /proc/<PID> to mode 0
> > if a process's uid or gid has changed, but the /proc/<PID> directory
> > itself was also set to mode 0. Assuming this doesn't open any
> > security holes, open access to the /proc/<PID> directory for users
> > other than root to read or search the directory.
> > Reviewed by: des (back in February)
> > MFC after: 3 weeks
>
> In hindsight, I think I prefer the attached (untested) solution...
>
> DES

After applying this patch, /proc/<PID>/ctl is writable by the owner of a
P_SUGID process:
--w------- 1 ph ph 0 Jun 2 13:54 ctl
(it used to be mode 000). Is that OK? It doesn't seem right to me...
Guy
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all