DragonFlyBSD Kernel Audit
DF-0015 / fix.diff
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index 0000000..1111111 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -2086,6 +2086,7 @@
 	char *retbuf, *freebuf;
 	int error = 0;
 	struct nchandle nch;
+	struct ucred *cr1 = curproc->p_ucred;
 
 	if (arglen != 1)
 		return (EINVAL);
@@ -2095,6 +2096,17 @@
 		p = pfind(*pidp);
 		if (p == NULL)
 			return (ESRCH);
+		/*
+		 * Apply the same inter-process visibility gate used by the
+		 * args (kern_proc.c:1897) and cwd (kern_proc.c:2052) handlers,
+		 * so an admin can hide other processes' exe path via
+		 * kern.ps_argsopen=0.  Otherwise the pathname node leaks the
+		 * resolved executable path of any process to any user.
+		 */
+		if ((!ps_argsopen) && p_trespass(cr1, p->p_ucred)) {
+			PRELE(p);
+			return (EPERM);
+		}
 	}
 	lwkt_gettoken_shared(&p->p_token);	/* deal with exit race */
 	if (p->p_textnch.ncp) {
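Review bot: The new gate returns `EPERM` for a hidden process while the `pfind()` miss just above it returns `ESRCH`, so with kern.ps_argsopen=0 a caller can still tell an existing foreign pid from an absent one through this node. If the args and cwd handlers that the comment cites return the same code, keep it for consistency and say so in the comment; otherwise `return (ESRCH);` after the `PRELE(p);` would make the two cases indistinguishable. The check also reads `p->p_ucred` before `lwkt_gettoken_shared(&p->p_token)` is taken on the following line, so it is worth confirming that the credential cannot change between the check and the path lookup (for example across an exec), or moving the test under the token. The comment pins the sibling handlers by line number (`kern_proc.c:1897`, `kern_proc.c:2052`), which will drift as the file changes; naming the handler functions would stay valid. The function begins and ends outside this hunk, so the hold/release pairing on the other exit paths cannot be checked from here.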