cvs diff: Diffing .
Index: procfs.h
===================================================================
RCS file: /spare/freebsd/ncvs/src/sys/fs/procfs/procfs.h,v
retrieving revision 1.35
diff -u -r1.35 procfs.h
--- procfs.h 2001/04/24 00:51:50 1.35
+++ procfs.h 2001/08/03 16:43:16
@@ -88,8 +88,6 @@
 ((cnp)->cn_namelen == (len) && \
 (bcmp((s), (cnp)->cn_nameptr, (len)) == 0))
-#define KMEM_GROUP 2
-
 #define PROCFS_FILENO(pid, type) \
 (((type) < Pproc) ? \
 ((type) + 2) : \
Index: procfs_mem.c
===================================================================
RCS file: /spare/freebsd/ncvs/src/sys/fs/procfs/procfs_mem.c,v
retrieving revision 1.52
diff -u -r1.52 procfs_mem.c
--- procfs_mem.c 2001/07/05 17:10:42 1.52
+++ procfs_mem.c 2001/08/03 14:45:54
@@ -247,26 +247,14 @@
 struct pfsnode *pfs;
 struct uio *uio;
 {
+ int error;
 if (uio->uio_resid == 0)
 return (0);
- /*
- * XXX
- * We need to check for KMEM_GROUP because ps is sgid kmem;
- * not allowing it here causes ps to not work properly. Arguably,
- * this is a bug with what ps does. We only need to do this
- * for Pmem nodes, and only if it's reading. This is still not
- * good, as it may still be possible to grab illicit data if
- * a process somehow gets to be KMEM_GROUP. Note that this also
- * means that KMEM_GROUP can't change without editing procfs.h!
- * All in all, quite yucky.
- */
-
- if (p_candebug(curp, p) &&
- !(uio->uio_rw == UIO_READ &&
- procfs_kmemaccess(curp)))
- return EPERM;
+ error = p_candebug(curp, p);
+ if (error)
+ return (error);
 return (procfs_rwmem(curp, p, uio));
 }
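Review bot: In procfs_mem.c's `@@ -247,26 +247,14 @@` hunk the access check loses its only explanatory comment, and the new `return (error);` changes what callers see: the old path always returned `EPERM`, while the new one forwards whatever `p_candebug()` returns. I would keep a one-line statement of the policy above the check, for example `/* Reads and writes of process memory both require p_candebug(); its errno is returned unchanged. */`. The check is made against `curp` on every transfer, which is presumably deliberate so that a descriptor opened earlier does not outlive a change in the caller's rights; that is worth saying in the comment too. The function's signature starts outside the hunk, so its name and callers cannot be confirmed from here.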
@@ -302,22 +290,4 @@
 {
 return (p->p_textvp);
-}
-
-int procfs_kmemaccess(curp)
- struct proc *curp;
-{
- int i;
- struct ucred *cred;
-
- cred = curp->p_ucred;
- if (suser(curp))
- return 1;
-
- /* XXX: Why isn't this done with file-perms ??? */
- for (i = 0; i < cred->cr_ngroups; i++)
- if (cred->cr_groups[i] == KMEM_GROUP)
- return 1;
-
- return 0;
 }
Index: procfs_vnops.c
===================================================================
RCS file: /spare/freebsd/ncvs/src/sys/fs/procfs/procfs_vnops.c,v
retrieving revision 1.99
diff -u -r1.99 procfs_vnops.c
--- procfs_vnops.c 2001/07/05 17:10:43 1.99
+++ procfs_vnops.c 2001/08/03 16:44:31
@@ -157,10 +157,9 @@
 }
 p1 = ap->a_p;
- if (p_candebug(p1, p2) &&
- !procfs_kmemaccess(p1)) {
- error = EPERM;
- }
+ error = p_candebug(p1, p2);
+ if (error)
+ return (error);
 if (ap->a_mode & FWRITE)
 pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL);
@@ -456,7 +455,6 @@
 ((VREAD|VWRITE)>>6));
 break;
 case Pmem:
- /* Retain group kmem readablity. */
 PROC_LOCK(procp);
 if (procp->p_flag & P_SUGID)
 vap->va_mode &= ~(VREAD|VWRITE);
@@ -528,6 +526,8 @@
 * If we denied owner access earlier, then we have to
 * change the owner to root - otherwise 'ps' and friends
 * will break even though they are setgid kmem. *SIGH*
+ * XXX: ps and friends are no longer setgid kmem, why
+ * is this needed?
 */
 PROC_LOCK(procp);
 if (procp->p_flag & P_SUGID)
@@ -535,7 +535,6 @@
 else
 vap->va_uid = procp->p_ucred->cr_uid;
 PROC_UNLOCK(procp);
- vap->va_gid = KMEM_GROUP;
 break;
 case Pregs:
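Review bot: The new `return (error);` in procfs_vnops.c's `@@ -157,10 +157,9 @@` hunk leaves the function directly, whereas the removed code only assigned `error = EPERM` and fell through, which suggests a shared exit path further down. If `p2` is locked or referenced when this check runs (the lookup is outside the hunk, so this needs confirming), the denial path would skip the release, and a denial is the outcome any unprivileged caller can produce repeatedly. Setting `error` and leaving through the existing exit, for example `if (error) break;` if this code sits inside the function's switch, keeps the cleanup in one place. It would still skip the `pfs_flags` update, which the old code performed even after a denial.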
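Review bot: The XXX added in procfs_vnops.c's `@@ -528,6 +526,8 @@` hunk is appended beneath the sentence it contradicts, so the comment now says both that ps is "setgid kmem" and that it no longer is. I would rewrite the block to state only what still holds, for example `* If owner access was denied earlier, report root as the owner.` followed by `* XXX: this was added for a setgid-kmem ps; confirm it is still needed.` The assignment the comment describes falls between this hunk and the next, so it is not visible here.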