There is a permission check for EVFILT_PROC that is not documented. Actually,
it directly contradicts the documentation, which says you can watch any
process you can see. The documented behavior makes sense, since I could also
just run ps in a tight loop and get the same info, only less efficiently.

The check was added without note during the initial import (as suser only!)
and then refined shortly afterwards, but no justification was given.

I think we should remove the check. It doesn't make sense, and it's different
from other systems using kqueue. (I also had to work around it in rebound,
where some code could be organized better if it weren't for the need to call
kevent before switching IDs.)


Index: kern_event.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_event.c,v
retrieving revision 1.71
diff -u -p -r1.71 kern_event.c
--- kern_event.c        6 Jan 2016 17:58:46 -0000       1.71
+++ kern_event.c        12 May 2016 16:01:20 -0000
@@ -219,15 +219,6 @@ filt_procattach(struct knote *kn)
        if (pr->ps_flags & PS_EXITING)
                return (ESRCH);
 
-       /*
-        * Fail if it's not owned by you, or the last exec gave us
-        * setuid/setgid privs (unless you're root).
-        */
-       if (pr != curproc->p_p &&
-           (pr->ps_ucred->cr_ruid != curproc->p_ucred->cr_ruid ||
-           (pr->ps_flags & PS_SUGID)) && suser(curproc, 0) != 0)
-               return (EACCES);
-
        kn->kn_ptr.p_process = pr;
        kn->kn_flags |= EV_CLEAR;               /* automatically set */
 
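Review bot: with the ownership/PS_SUGID block removed, the only gate left in filt_procattach before `kn->kn_ptr.p_process = pr` is the PS_EXITING test above it, so the commit should say explicitly that process visibility is now the sole criterion and that set-id processes (the former `pr->ps_flags & PS_SUGID` case) are treated like any other target. That matches the "any process you can see" wording of the man page cited in the cover text, so no manual change is needed, but a one-line comment where the deleted comment stood (e.g. "/* no ownership check: any visible process may be watched */") would stop the next reader from assuming the check was dropped by accident, given that it was originally added without a note.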
