Currently even if root ktraces an unprivileged process that execs a sguid
executable, then tracing aborted at that point. I think that that happens
because wrong credentials are checked at that point.
What do you think about the following patch?
commit 956a80783bc39162b1d64383188c5037f9767413
Author: Andriy Gapon <a...@icyb.net.ua>
Date: Sat Sep 22 18:17:46 2012 +0300
kern_exec: check p_tracecred instead of p_cred
... when deciding whether to continue tracing across suid/sgid exec
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 90f7311..8d62c1e 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -694,7 +694,8 @@ interpret:
setsugid(p);
#ifdef KTRACE
- if (priv_check_cred(oldcred, PRIV_DEBUG_DIFFCRED, 0))
+ if (p->p_tracecred != NULL &&
+ priv_check_cred(p->p_tracecred, PRIV_DEBUG_DIFFCRED, 0))
ktrprocexec(p, &tracecred, &tracevp);
#endif
/*
--
Andriy Gapon
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
