hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-14 06:12:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Prevent debugger attachment to init when securelevel > 0.

Browse Source 
Noticed by:	Brian Buchanan <brian@wasteland.calbbs.com>
This commit is contained in:
Alexander Langer 1997-04-27 19:02:37 +00:00
parent 589ede60a1
commit ee7877dfec
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=25200
3 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sys/fs/procfs/procfs_ctl.c
View File

@ -37,7 +37,7 @@
* @(#)procfs_ctl.c 8.4 (Berkeley) 6/15/94
*
* From:
* $Id: procfs_ctl.c,v 1.13 1997/02/22 09:40:27 peter Exp $
* $Id: procfs_ctl.c,v 1.14 1997/03/24 11:24:40 bde Exp $
*/
#include <sys/param.h>
@ -52,6 +52,7 @@
#include <sys/signal.h>
#include <sys/signalvar.h>
#include <sys/ptrace.h>
#include <sys/systm.h>
#include <miscfs/procfs/procfs.h>
#include <vm/vm.h>
@ -130,6 +131,10 @@ procfs_control(curp, p, op)
if (p->p_pid == curp->p_pid)
return (EINVAL);
/* can't trace init when securelevel > 0 */
if (securelevel > 0 && p->p_pid == 1)
return (EPERM);
/*
* Go ahead and set the trace flag.
* Save the old parent (it's reset in

7
sys/kern/sys_process.c
View File

@ -28,7 +28,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
* $Id: sys_process.c,v 1.27 1997/02/22 09:39:20 peter Exp $
*/
#include <sys/param.h>
@ -39,6 +39,7 @@
#include <sys/ptrace.h>
#include <sys/errno.h>
#include <sys/queue.h>
#include <sys/systm.h>
#include <machine/reg.h>
#include <machine/psl.h>
@ -250,6 +251,10 @@ ptrace(curp, uap, retval)
return error;
}
/* can't trace init when securelevel > 0 */
if (securelevel > 0 && p->p_pid == 1)
return EPERM;
/* OK */
break;

7
sys/miscfs/procfs/procfs_ctl.c
View File

@ -37,7 +37,7 @@
* @(#)procfs_ctl.c 8.4 (Berkeley) 6/15/94
*
* From:
* $Id: procfs_ctl.c,v 1.13 1997/02/22 09:40:27 peter Exp $
* $Id: procfs_ctl.c,v 1.14 1997/03/24 11:24:40 bde Exp $
*/
#include <sys/param.h>
@ -52,6 +52,7 @@
#include <sys/signal.h>
#include <sys/signalvar.h>
#include <sys/ptrace.h>
#include <sys/systm.h>
#include <miscfs/procfs/procfs.h>
#include <vm/vm.h>
@ -130,6 +131,10 @@ procfs_control(curp, p, op)
if (p->p_pid == curp->p_pid)
return (EINVAL);
/* can't trace init when securelevel > 0 */
if (securelevel > 0 && p->p_pid == 1)
return (EPERM);
/*
* Go ahead and set the trace flag.
* Save the old parent (it's reset in