one can change the note group of a process with devproc
by writing the noteid file.

        case Qnoteid:
                id = atoi(a);
                if(id == p->pid) {
                        p->noteid = id;
                        break;
                }
                t = proctab(0);
                for(et = t+conf.nproc; t < et; t++) {
                        if(t->state == Dead)
                                continue;
                        if(id == t->noteid) {
                                if(strcmp(p->user, t->user) != 0)
                                        error(Eperm);
                                p->noteid = id;
                                break;
                        }
                }
                if(p->noteid != id)
                        error(Ebadarg);
                break;

the strcmp() check in that loop isn't enough when the
user doing the write is "none" as this would allow him
to change the noteid of its process to another "none"
session and then kill it. like for example to one
of the aux/listen procs.

the rule for the "none" user is that he can't open other
processes running as "none" except its own calling
proc.

http://code.google.com/p/plan9front/source/detail?r=118280a79161c8cf42164bcc9458af7650652f91

--
cinap
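
An added example, not part of the original post or the plan9front source: a user-space C model of the noteid check above, run against a constructed process table. The harden flag, the setnoteid() helper and the extra test for "none" are assumptions based on the rule stated in the post; the actual fix is in the linked commit.

```c
#include <stdio.h>
#include <string.h>

/* User-space model of the Qnoteid check; names mirror the posted snippet. */
enum { Dead, Running };
enum { Ok = 0, Eperm = -1, Ebadarg = -2 };
typedef struct Proc { int pid, noteid, state; const char *user; } Proc;

/* Constructed process table: two unrelated "none" sessions, two user procs. */
static Proc tab[] = {
	{ 10, 10, Running, "none" },	/* stands in for a listener */
	{ 20, 20, Running, "none" },	/* unrelated "none" session */
	{ 30, 30, Running, "glenda" },
	{ 31, 31, Running, "glenda" },
};
enum { Nproc = sizeof tab / sizeof tab[0] };

/* p writes id to its own noteid file. harden=0 is the posted logic;
 * harden=1 adds the assumed rule that "none" may only match itself. */
int
setnoteid(Proc *p, int id, int harden)
{
	Proc *t;

	if(id == p->pid){
		p->noteid = id;
		return Ok;
	}
	for(t = tab; t < tab+Nproc; t++){
		if(t->state == Dead || id != t->noteid)
			continue;
		if(harden && t != p && strcmp(p->user, "none") == 0)
			return Eperm;
		if(strcmp(p->user, t->user) != 0)
			return Eperm;
		p->noteid = id;
		return Ok;
	}
	return Ebadarg;
}

int
main(void)
{
	printf("posted check:   %d\n", setnoteid(&tab[1], 10, 0));
	tab[1].noteid = 20;	/* undo the join before the second run */
	printf("hardened check: %d\n", setnoteid(&tab[1], 10, 1));
	return 0;
}
```

With the posted logic the second "none" proc joins the first one's note group; with the assumed rule it gets Eperm, while same-user joins for ordinary users still succeed.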
