author | sobomax <sobomax@FreeBSD.org> | 2005-02-13 16:42:08 +0000 |
---|---|---|
committer | sobomax <sobomax@FreeBSD.org> | 2005-02-13 16:42:08 +0000 |
commit | 1d558007d0e84104e9e49a8c08e4a4f6faad3a81 (patch) | |
tree | 55af5c404f315b928f52273e849b0e73080b7f0d /sys/kern/kern_prot.c | |
parent | 5775bba72ee8cddb1a59602a8d654da0e8f4e1b3 (diff) | |
Split out kill(2) syscall service routine into user-level and kernel part, the
former is callable from user space and the latter from the kernel one. Make
kernel version take additional argument which tells if the respective call
should check for additional restrictions for sending signals to suid/sugid
applications or not.
Make all emulation layers using non-checked version, since signal numbers in
emulation layers can have a different meaning than in native mode and such
protection can cause misbehaviour.
As a result remove LIBTHR from the signals allowed to be delivered to a
suid/sugid application.
Requested (sorta) by: rwatson
MFC after: 2 weeks
Diffstat (limited to 'sys/kern/kern_prot.c')
-rw-r--r-- | sys/kern/kern_prot.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 21f277f..d989ab3 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1427,7 +1427,7 @@ SYSCTL_INT(_security_bsd, OID_AUTO, conservative_signals, CTLFLAG_RW,
 * References: cred and proc must be valid for the lifetime of the call.
 */
 int
-cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
+cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic)
 {
 int error;
@@ -1453,7 +1453,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
 * bit on the target process. If the bit is set, then additional
 * restrictions are placed on the set of available signals.
 */
- if (conservative_signals && (proc->p_flag & P_SUGID)) {
+ if (conservative_signals && (proc->p_flag & P_SUGID) && pedantic) {
 switch (signum) {
 case 0:
 case SIGKILL:
@@ -1467,7 +1467,6 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
 case SIGHUP:
 case SIGUSR1:
 case SIGUSR2:
- case SIGTHR:
 /*
 * Generally, permit job and terminal control
 * signals.
@@ -1508,7 +1507,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
 * References: td and p must be valid for the lifetime of the call
 */
 int
-p_cansignal(struct thread *td, struct proc *p, int signum)
+p_cansignal(struct thread *td, struct proc *p, int signum, int pedantic)
 {
 KASSERT(td == curthread, ("%s: td not curthread", __func__));
@@ -1525,7 +1524,7 @@ p_cansignal(struct thread *td, struct proc *p, int signum)
 if (signum == SIGCONT && td->td_proc->p_session == p->p_session)
 return (0);
- return (cr_cansignal(td->td_ucred, p, signum));
+ return (cr_cansignal(td->td_ucred, p, signum, pedantic));
 }
 /*- |
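Review bot: The header comment above cr_cansignal() is not updated for the new `pedantic` argument in the first hunk (only its closing `References:` line is inside the hunk), and the same holds for p_cansignal() in the fourth hunk. Because a zero value turns a security check off, the contract should state it, for example ` * pedantic: non-zero applies the conservative_signals restrictions to P_SUGID targets; zero skips them.` A bare `int` flag is also hard to read at a call site that passes a literal `0` or `1`. Named constants for the two values would make an unchecked call stand out in review.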
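Review bot: In the second hunk, `&& pedantic` lets the caller switch off the whole conservative_signals filter for a P_SUGID target, so the policy is only as strong as the least strict call site. The commit message says every emulation layer passes the non-checked value. Those callers are outside this diff, but if that is so, a signal sent through an emulated ABI skips a restriction that native kill(2) still gets, and security.bsd.conservative_signals no longer describes what is enforced. A narrower change would keep the check unconditional and have the emulation layer translate its signal number to the native one before the call. If the flag stays, the condition should carry a comment such as `/* pedantic == 0: caller opted out of the setuid signal filter; see callers */`, so the opt-out is visible where the check lives.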