xnu-2050.7.9.tar.gz
index 0df8a49c8dccbb1d297675232e310feb97688d65..1a5cac88f387b48a9f0f6d5d4d9ed2d350b3e501 100644 (file)
@@ -94,6 +94,8 @@
 
 #include <vm/vm_protos.h>              /* cs_allow_invalid() */
 
+#include <pexpert/pexpert.h>
+
 /* XXX ken/bsd_kern.c - prototype should be in common header */
 int get_task_userstop(task_t);
 
@@ -164,8 +166,10 @@ ptrace(struct proc *p, struct ptrace_args *uap, int32_t *retval)
                struct proc *pproc=proc_find(p->p_oppid);
                proc_unlock(p);
                cs_allow_invalid(p);
-               cs_allow_invalid(pproc);
-               proc_rele(pproc);
+               if(pproc) {
+                       cs_allow_invalid(pproc);
+                       proc_rele(pproc);
+               }
                return(0);
        }
        if (uap->req == PT_SIGEXC) {
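Review bot: The new `if(pproc)` guard silently skips the parent when `proc_find(p->p_oppid)` returns NULL, and nothing in the hunk records why that is acceptable. A one-line comment such as `/* original parent may already have exited; nothing to relax for it */` would state the intent, and `if (pproc != PROC_NULL) {` would match the usual kernel spelling. Separately, both `cs_allow_invalid()` calls discard their result and the branch returns 0, so if that function can refuse (its definition is not on this page) the caller is told the request succeeded even though code-signing enforcement was left in place; worth confirming. The body of ptrace() starts and ends outside this hunk.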
@@ -309,6 +313,11 @@ ptrace(struct proc *p, struct ptrace_args *uap, int32_t *retval)
                 *      is resumed by adding NSIG to p_cursig. [see issig]
                 */
                proc_unlock(t);
+#if NOTYET
+               error = mac_proc_check_signal(p, t, SIGKILL);
+               if (0 != error)
+                       goto resume;
+#endif
                psignal(t, SIGKILL);
                goto resume;
 
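Review bot: The `mac_proc_check_signal(p, t, SIGKILL)` check is wrapped in `#if NOTYET`, so as built `psignal(t, SIGKILL)` still runs without any MAC policy being consulted; the same holds for the SIGSTOP and SIGCONT checks added in the two PT_STEP hunks further down. If the guard is ever enabled, the denial path here jumps to `resume` while those two jump to `out`, so a refused kill would apparently still pass through the resume path (that label is outside the hunk; confirm it neither resumes the target nor drops `error`). A comment on the guard saying what blocks enabling it, e.g. `/* NOTYET: MAC signal check compiled out until <reason> */`, would keep a reader from mistaking this for an active access check.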
@@ -321,14 +330,10 @@ ptrace(struct proc *p, struct ptrace_args *uap, int32_t *retval)
                        goto out;
                }
 
+               /* force use of Mach SPIs (and task_for_pid security checks) to adjust PC */
                if (uap->addr != (user_addr_t)1) {
-#if defined(ppc)
-#define ALIGNED(addr,size)     (((unsigned)(addr)&((size)-1))==0)
-                       if (!ALIGNED((int)uap->addr, sizeof(int)))
-                               return (ERESTART);
-#undef         ALIGNED
-#endif
-                       thread_setentrypoint(th_act, uap->addr);
+                       error = ENOTSUP;
+                       goto out;
                }
 
                if ((unsigned)uap->data >= NSIG) {
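Review bot: The added comment gives the motive but not the contract: any `uap->addr` other than `(user_addr_t)1` now fails with `ENOTSUP`, which is a caller-visible behaviour change. I would spell that out in place, e.g. `/* addr must be 1 (resume at current PC); any other value is rejected with ENOTSUP so the PC can only be changed through the Mach SPIs and their task_for_pid checks */`. The enclosing case of ptrace() starts and ends outside the hunk, so which requests reach this test is not visible here.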
@@ -342,8 +347,15 @@ ptrace(struct proc *p, struct ptrace_args *uap, int32_t *retval)
 
                if (uap->req == PT_STEP) {
                        /*
-                        * set trace bit
+                        * set trace bit 
+                        * we use sending SIGSTOP as a comparable security check.
                         */
+#if NOTYET
+                       error = mac_proc_check_signal(p, t, SIGSTOP);
+                       if (0 != error) {
+                               goto out;
+                       }
+#endif
                        if (thread_setsinglestep(th_act, 1) != KERN_SUCCESS) {
                                error = ENOTSUP;
                                goto out;
@@ -351,7 +363,14 @@ ptrace(struct proc *p, struct ptrace_args *uap, int32_t *retval)
                } else {
                        /*
                         * clear trace bit if on
+                        * we use sending SIGCONT as a comparable security check.
                         */
+#if NOTYET
+                       error = mac_proc_check_signal(p, t, SIGCONT);
+                       if (0 != error) {
+                               goto out;
+                       }
+#endif
                        if (thread_setsinglestep(th_act, 0) != KERN_SUCCESS) {
                                error = ENOTSUP;
                                goto out;
@@ -434,7 +453,7 @@ cantrace(proc_t cur_procp, kauth_cred_t creds, proc_t traced_procp, int *errp)
         *      (3) it's not owned by you, or is set-id on exec
         *          (unless you're root).
         */
-       if ((creds->cr_ruid != proc_ucred(traced_procp)->cr_ruid ||
+       if ((kauth_cred_getruid(creds) != kauth_cred_getruid(proc_ucred(traced_procp)) ||
                ISSET(traced_procp->p_flag, P_SUGID)) &&
                (my_err = suser(creds, &cur_procp->p_acflag)) != 0) {
                *errp = my_err;