Subject: Re: ktrace and P_SUGID
To: None <sjg@crufty.net>
From: None <cgd@broadcom.com>
List: tech-security
Date: 06/29/2002 10:02:33

At Sat, 29 Jun 2002 08:44:20 +0000 (UTC), "Simon J. Gerraty" wrote:
> >	if ((caller->pc_ucred->cr_uid == target->p_ruid &&
> >	     target->p_ruid == target->p_svuid &&
> >	     caller->p_rgid == target->p_rgid &&        /* XXX */
> >	     target->p_rgid == target->p_svgid &&
> >	     (targetp->p_traceflag & KTRFAC_ROOT) == 0 &&
> >	     (targetp->p_flag & P_SUGID) == 0) ||
> >	     caller->pc_ucred->cr_uid == 0)		<----
> >		return (1);
> 
> Hmm, wouldn't it be better to test caller->pc_ucred->cr_uid == 0
> first?

no, it wouldn't, but only because the existing check is incorrect.  8-)

it should be a call to suser() rather than a simple check that uid ==
0, and it should be at the end (in the same location as the current
test).


cgd
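
The check with suser() as its final term, as an added user-space model (not code from this message or from the NetBSD tree). It assumes suser() takes the caller's credential and a pointer to its accounting flags and sets ASU on success; the structs, the flag values and the scenario() helper are simplified stand-ins constructed for this example.

```c
#include <errno.h>
#include <stddef.h>

/* Simplified user-space stand-ins; flag values are constructed for this model. */
#define ASU         0x02	/* accounting: superuser privilege was used */
#define P_SUGID     0x100
#define KTRFAC_ROOT 0x8000
struct ucred { unsigned cr_uid; };
struct pcred { struct ucred *pc_ucred; unsigned p_ruid, p_svuid, p_rgid, p_svgid; };
struct proc { struct pcred *p_cred; int p_flag, p_traceflag; unsigned short p_acflag; };
enum verdict { DENIED, ALLOWED_UNPRIVILEGED, ALLOWED_VIA_SUSER };

/* Model of suser(): 0 when privileged, and the use is recorded in *acflag. */
int suser(const struct ucred *cred, unsigned short *acflag)
{
	if (cred->cr_uid != 0)
		return EPERM;
	if (acflag != NULL)
		*acflag |= ASU;
	return 0;
}

int ktrcanset(struct proc *callp, struct proc *targetp)
{
	struct pcred *caller = callp->p_cred, *target = targetp->p_cred;
	if ((caller->pc_ucred->cr_uid == target->p_ruid &&
	     target->p_ruid == target->p_svuid &&
	     caller->p_rgid == target->p_rgid &&
	     target->p_rgid == target->p_svgid &&
	     (targetp->p_traceflag & KTRFAC_ROOT) == 0 &&
	     (targetp->p_flag & P_SUGID) == 0) ||
	    suser(caller->pc_ucred, &callp->p_acflag) == 0)	/* last, so || skips it */
		return 1;
	return 0;
}

/* Build a caller/target pair (same gid 100) and report how access was decided. */
enum verdict scenario(unsigned caller_uid, unsigned target_uid, int target_flag)
{
	struct ucred cu = { caller_uid }, tu = { target_uid };
	struct pcred cp = { &cu, caller_uid, caller_uid, 100, 100 };
	struct pcred tp = { &tu, target_uid, target_uid, 100, 100 };
	struct proc c = { &cp, 0, 0, 0 }, t = { &tp, target_flag, 0, 0 };
	if (!ktrcanset(&c, &t))
		return DENIED;
	return (c.p_acflag & ASU) ? ALLOWED_VIA_SUSER : ALLOWED_UNPRIVILEGED;
}

int main(void) { return scenario(0, 0, 0) == ALLOWED_UNPRIVILEGED ? 0 : 1; }
```

With suser() last, a uid 0 caller tracing its own ordinary process is allowed by the ownership terms and ASU stays clear; moving the call to the front would mark every root ktrace as a use of superuser privilege.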