diff options
| -rw-r--r-- | UPDATING | 5 | ||||
| -rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
| -rw-r--r-- | sys/kern/kern_ktrace.c | 3 |
3 files changed, 7 insertions, 3 deletions
@@ -10,7 +10,7 @@ Release. This is for the 4.4 release branch. All entries since 4.4 are an itemized list of commits to this branch, numbered from the beginning. -By this count, we're at 4.4-RELEASE-p14. +By this count, we're at 4.4-RELEASE-p15. The security advisories related to various patches contain information on how to build/install a minimal set of binaries and start/stop a @@ -18,6 +18,9 @@ minimal number of processes, if possible, for that patch. For those updates that don't have an advisory, or to be safe, you can do a full build and install as described in the COMMON ITEMS section. +20020711: p15 FreeBSD-SA-02:30.ktrace + Prevent users from tracing previously privileged processes. + 20020626: p14 A fix for a buffer overflow in libc has been corrected. diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 9f66f6ed8ddf..1637298d3972 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -36,7 +36,7 @@ TYPE="FreeBSD" REVISION="4.4" -BRANCH="RELEASE-p14" +BRANCH="RELEASE-p15" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index b8c91ab08ac5..6788d913f07c 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -525,7 +525,8 @@ ktrcanset(callp, targetp) target->p_ruid == target->p_svuid && caller->p_rgid == target->p_rgid && /* XXX */ target->p_rgid == target->p_svgid && - (targetp->p_traceflag & KTRFAC_ROOT) == 0) || + (targetp->p_traceflag & KTRFAC_ROOT) == 0 && + (targetp->p_flag & P_SUGID) == 0) || caller->pc_ucred->cr_uid == 0) return (1); |