thorpej
Tue Aug 12 15:47:23 PDT 1997
Update of /cvsroot/src/sys/miscfs/procfs
In directory netbsd1:/var/slash-tmp/cvs-serv10557

Modified Files:
	procfs.h procfs_fpregs.c procfs_mem.c procfs_regs.c 
	procfs_subr.c procfs_vnops.c 
Log Message:
Fix the procfs hole described on current-users, similar to a fix for
FreeBSD by Sean Eric Fagan, but a bit different.  This makes the checks
in the same places as sef's FreeBSD patch, but does not hardcode the
"kmem" group into the kernel, and also does a check identical to the
(3) and (4) checks in the NetBSD ptrace(2):

	(1) it's not owned by you, or is set-id on exec (unless
	    you're root), or

	(2) it's init, which controls the security level of the
	    entire system, and the system was not compiled with
	    permanently insecure mode turned on.