Apply by doing: cd /usr/src patch -p0 < 005_ptrace.patch Then build and install a new kernel. Index: sys/compat/hpux/hpux_compat.c =================================================================== RCS file: /cvs/src/sys/compat/hpux/hpux_compat.c,v retrieving revision 1.30 retrieving revision 1.30.6.1 diff -u -p -r1.30 -r1.30.6.1 --- sys/compat/hpux/hpux_compat.c 1 Nov 2008 05:59:21 -0000 1.30 +++ sys/compat/hpux/hpux_compat.c 29 Jan 2010 21:33:13 -0000 1.30.6.1 @@ -1,4 +1,4 @@ -/* $OpenBSD: hpux_compat.c,v 1.30 2008/11/01 05:59:21 deraadt Exp $ */ +/* $OpenBSD: hpux_compat.c,v 1.30.6.1 2010/01/29 21:33:13 sthen Exp $ */ /* $NetBSD: hpux_compat.c,v 1.35 1997/05/08 16:19:48 mycroft Exp $ */ /* @@ -966,7 +966,7 @@ hpux_sys_getpgrp2(cp, v, retval) if (p == 0) return (ESRCH); if (cp->p_ucred->cr_uid && p->p_ucred->cr_uid != cp->p_ucred->cr_uid && - !inferior(p)) + !inferior(p, cp)) return (EPERM); *retval = p->p_pgid; return (0); Index: sys/sys/proc.h =================================================================== RCS file: /cvs/src/sys/sys/proc.h,v retrieving revision 1.119 retrieving revision 1.119.4.1 diff -u -p -r1.119 -r1.119.4.1 --- sys/sys/proc.h 5 Jun 2009 00:30:05 -0000 1.119 +++ sys/sys/proc.h 29 Jan 2010 21:33:13 -0000 1.119.4.1 @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.h,v 1.119 2009/06/05 00:30:05 guenther Exp $ */ +/* $OpenBSD: proc.h,v 1.119.4.1 2010/01/29 21:33:13 sthen Exp $ */ /* $NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $ */ /*- @@ -417,7 +417,7 @@ int chgproccnt(uid_t uid, int diff); int enterpgrp(struct proc *p, pid_t pgid, struct pgrp *newpgrp, struct session *newsess); void fixjobc(struct proc *p, struct pgrp *pgrp, int entering); -int inferior(struct proc *p); +int inferior(struct proc *, struct proc *); int leavepgrp(struct proc *p); void yield(void); void preempt(struct proc *); Index: sys/kern/kern_proc.c =================================================================== RCS file: /cvs/src/sys/kern/kern_proc.c,v retrieving revision 1.40 retrieving revision 1.40.4.1 diff -u -p -r1.40 -r1.40.4.1 --- sys/kern/kern_proc.c 15 Apr 2009 10:47:46 -0000 1.40 +++ sys/kern/kern_proc.c 29 Jan 2010 21:33:13 -0000 1.40.4.1 @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_proc.c,v 1.40 2009/04/15 10:47:46 art Exp $ */ +/* $OpenBSD: kern_proc.c,v 1.40.4.1 2010/01/29 21:33:13 sthen Exp $ */ /* $NetBSD: kern_proc.c,v 1.14 1996/02/09 18:59:41 christos Exp $ */ /* @@ -151,14 +151,14 @@ chgproccnt(uid_t uid, int diff) } /* - * Is p an inferior of the current process? + * Is p an inferior of parent? */ int -inferior(struct proc *p) +inferior(struct proc *p, struct proc *parent) { - for (; p != curproc; p = p->p_pptr) - if (p->p_pid == 0) + for (; p != parent; p = p->p_pptr) + if (p->p_pid == 0 || p->p_pid == 1) return (0); return (1); } Index: sys/kern/kern_prot.c =================================================================== RCS file: /cvs/src/sys/kern/kern_prot.c,v retrieving revision 1.39 retrieving revision 1.39.4.1 diff -u -p -r1.39 -r1.39.4.1 --- sys/kern/kern_prot.c 2 Jun 2009 20:03:59 -0000 1.39 +++ sys/kern/kern_prot.c 29 Jan 2010 21:33:13 -0000 1.39.4.1 @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_prot.c,v 1.39 2009/06/02 20:03:59 guenther Exp $ */ +/* $OpenBSD: kern_prot.c,v 1.39.4.1 2010/01/29 21:33:13 sthen Exp $ */ /* $NetBSD: kern_prot.c,v 1.33 1996/02/09 18:59:42 christos Exp $ */ /* @@ -282,7 +282,7 @@ sys_setpgid(struct proc *curp, void *v, newpgrp = pool_get(&pgrp_pool, PR_WAITOK); if (pid != 0 && pid != curp->p_pid) { - if ((targp = pfind(pid)) == 0 || !inferior(targp)) { + if ((targp = pfind(pid)) == 0 || !inferior(targp, curp)) { error = ESRCH; goto out; } Index: sys/kern/sys_process.c =================================================================== RCS file: /cvs/src/sys/kern/sys_process.c,v retrieving revision 1.43 retrieving revision 1.43.6.1 diff -u -p -r1.43 -r1.43.6.1 --- sys/kern/sys_process.c 31 Oct 2008 17:29:51 -0000 1.43 +++ sys/kern/sys_process.c 29 Jan 2010 21:33:13 -0000 1.43.6.1 @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_process.c,v 1.43 2008/10/31 17:29:51 deraadt Exp $ */ +/* $OpenBSD: sys_process.c,v 1.43.6.1 2010/01/29 21:33:13 sthen Exp $ */ /* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */ /*- @@ -167,6 +167,14 @@ sys_ptrace(struct proc *p, void *v, regi */ if ((t->p_pid == 1) && (securelevel > -1)) return (EPERM); + + /* + * (6) it's an ancestor of the current process and + * not init (because that would create a loop in + * the process graph). + */ + if (t->p_pid != 1 && inferior(p, t)) + return (EINVAL); break; case PT_READ_I: