authorrwatson <rwatson@FreeBSD.org>2002-01-06 00:54:46 +0000
committerrwatson <rwatson@FreeBSD.org>2002-01-06 00:54:46 +0000
commit51a1c19396e6b403ef4ecae1b763e7b88a27900b (patch)
tree885770f8d9575cbfd439eebcff538800a85a11a5 /sys/kern/kern_sig.c
parent6b7ac7804da0a1604cb1c94d6797ed24eb584a44 (diff)
- Teach SIGIO code to use cr_cansignal() instead of a custom CANSIGIO()
macro. As a result, mandatory signal delivery policies will be applied consistently across the kernel. - Note that this subtly changes the protection semantics, and we should watch out for any resulting breakage. Previously, delivery of SIGIO in this circumstance was limited to situations where the subject was privileged, or where one of the subject's (ruid, euid) matched one of the object's (ruid, euid). In the new scenario, subject (ruid, euid) are matched against the object's (ruid, svuid), and the object uids must be a subset of the subject uids. Likewise, jail now affects delivery, and special handling for P_SUGID of the object is present. This change can always be reversed or tweaked if it proves to disrupt application behavior substantially. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/kern_sig.c')
-rw-r--r--sys/kern/kern_sig.c16
1 files changed, 3 insertions, 13 deletions
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index cc989e0..c1f5dac 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -97,17 +97,6 @@ SYSCTL_INT(_kern, KERN_LOGSIGEXIT, logsigexit, CTLFLAG_RW,
&kern_logsigexit, 0,
"Log processes quitting on abnormal signals to syslog(3)");
-/*
- * Policy -- Can ucred cr1 send SIGIO to process cr2?
- * XXX: should use suser(), p_cansignal().
- */
-#define CANSIGIO(cr1, cr2) \
- ((cr1)->cr_uid == 0 || \
- (cr1)->cr_ruid == (cr2)->cr_ruid || \
- (cr1)->cr_uid == (cr2)->cr_ruid || \
- (cr1)->cr_ruid == (cr2)->cr_uid || \
- (cr1)->cr_uid == (cr2)->cr_uid)
-
int sugid_coredump;
SYSCTL_INT(_kern, OID_AUTO, sugid_coredump, CTLFLAG_RW,
&sugid_coredump, 0, "Enable coredumping set user/group ID processes");
@@ -2075,7 +2064,8 @@ pgsigio(sigio, sig, checkctty)
if (sigio->sio_pgid > 0) {
PROC_LOCK(sigio->sio_proc);
- if (CANSIGIO(sigio->sio_ucred, sigio->sio_proc->p_ucred))
+ if (cr_cansignal(sigio->sio_ucred, sigio->sio_proc, sig)
+ == 0)
psignal(sigio->sio_proc, sig);
PROC_UNLOCK(sigio->sio_proc);
} else if (sigio->sio_pgid < 0) {
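Review bot: The test `cr_cansignal(sigio->sio_ucred, sigio->sio_proc, sig) == 0` reverses the truth sense of the removed CANSIGIO() macro, since 0 now means "permitted", and nothing at the call site says so; the same applies to the process-group branch in the next hunk. A one-line comment above each test would keep a later edit from dropping the `== 0` and turning the access check into its opposite, e.g. `/* cr_cansignal() returns 0 if sio_ucred may deliver sig, an error otherwise. */`. The decision now also depends on `sig` and, per the commit message, on jail and P_SUGID state of the target, and a refusal is silently dropped here; if that is intended, the comment should say that a denied SIGIO is discarded rather than reported. pgsigio's body starts and ends outside this hunk, so whether callers can observe the drop is not visible from here.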
@@ -2083,7 +2073,7 @@ pgsigio(sigio, sig, checkctty)
LIST_FOREACH(p, &sigio->sio_pgrp->pg_members, p_pglist) {
PROC_LOCK(p);
- if (CANSIGIO(sigio->sio_ucred, p->p_ucred) &&
+ if ((cr_cansignal(sigio->sio_ucred, p, sig) == 0) &&
(checkctty == 0 || (p->p_flag & P_CONTROLT)))
psignal(p, sig);
PROC_UNLOCK(p);