Theo de Raadt wrote:
> > > > I think we should remove the check. It doesn't make sense, and it's
> > > > different
> > > > from other systems using kqueue. (I also had to work around it in
> > > > rebound,
> > > > where some code could be organized better if it weren't for the need to
> > > > call
> > > > kevent before switching IDs.)
> > >
> > > FreeBSD has process visibility controls and checks them in this
> > > location. We don't have any such controls, so removing that chunk
> > > should be fine. OK millert@
> >
> > Unless we have someone who wants to go down that road...
>
> Or, should this specific bit be disallowed if pledge'd, but lacking "proc"?
That is consistent.
Index: kern_event.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_event.c,v
retrieving revision 1.71
diff -u -p -r1.71 kern_event.c
--- kern_event.c 6 Jan 2016 17:58:46 -0000 1.71
+++ kern_event.c 12 May 2016 17:32:05 -0000
@@ -32,6 +32,7 @@
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/pledge.h>
#include <sys/malloc.h>
#include <sys/unistd.h>
#include <sys/file.h>
@@ -211,6 +212,10 @@ filt_procattach(struct knote *kn)
{
struct process *pr;
+ if ((curproc->p_p->ps_flags & PS_PLEDGE) &&
+ (curproc->p_p->ps_pledge & PLEDGE_PROC) == 0)
+ return pledge_fail(curproc, EPERM, PLEDGE_PROC);
+
pr = prfind(kn->kn_id);
if (pr == NULL)
return (ESRCH);
@@ -218,15 +223,6 @@ filt_procattach(struct knote *kn)
/* exiting processes can't be specified */
if (pr->ps_flags & PS_EXITING)
return (ESRCH);
-
- /*
- * Fail if it's not owned by you, or the last exec gave us
- * setuid/setgid privs (unless you're root).
- */
- if (pr != curproc->p_p &&
- (pr->ps_ucred->cr_ruid != curproc->p_ucred->cr_ruid ||
- (pr->ps_flags & PS_SUGID)) && suser(curproc, 0) != 0)
- return (EACCES);
kn->kn_ptr.p_process = pr;
kn->kn_flags |= EV_CLEAR; /* automatically set */
