diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2013-12-31 12:23:55 +0100 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2013-12-31 12:23:55 +0100 |
| commit | 0feb6e06af1e48c2b1a937c6a593fceeafd728d2 (patch) | |
| tree | fa2b0fa14a64fb199e0f9bbd1ca9af72d297da55 | |
| parent | 00ff4beaa76fb3dde4d1222408d1308f4077dde1 (diff) | |
devproc: fix noteid permission checks for none
make sure noteid is valid (>0).
prohibit changing note group of kernel processes. this is also
checked for in pgrpnote().
prevent "none" user from changing its note group to another "none"
sessions. this would allow him to send notes other none processes
other than its own.
| -rw-r--r-- | sys/src/9/port/devproc.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/src/9/port/devproc.c b/sys/src/9/port/devproc.c index 11a04bb55..2207a627a 100644 --- a/sys/src/9/port/devproc.c +++ b/sys/src/9/port/devproc.c @@ -1136,16 +1136,21 @@ procwrite(Chan *c, void *va, long n, vlong off) error("note not posted"); break; case Qnoteid: + if(p->kp) + error(Eperm); id = atoi(a); + if(id <= 0) + error(Ebadarg); if(id == p->pid) { p->noteid = id; break; } t = proctab(0); for(et = t+conf.nproc; t < et; t++) { - if(t->state == Dead) + if(t->state == Dead || t->kp) continue; if(id == t->noteid) { + nonone(t); if(strcmp(p->user, t->user) != 0) error(Eperm); p->noteid = id; |