diff options
author | sobomax <sobomax@FreeBSD.org> | 2005-02-13 17:37:20 +0000 |
---|---|---|
committer | sobomax <sobomax@FreeBSD.org> | 2005-02-13 17:37:20 +0000 |
commit | 52ae2ac0b9537da952af95dbcdec320bb0fde83b (patch) | |
tree | de46110994a0c19fc18c0e1c594389839015456e /sys/kern | |
parent | 29d152dbfd1048f4b7757558292eb64dc98f0d8b (diff) | |
download | FreeBSD-src-52ae2ac0b9537da952af95dbcdec320bb0fde83b.zip FreeBSD-src-52ae2ac0b9537da952af95dbcdec320bb0fde83b.tar.gz |
Backout previous change (disabling of security checks for signals delivered
in emulation layers), since it appears to be too broad.
Requested by: rwatson
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_prot.c | 9 | ||||
-rw-r--r-- | sys/kern/kern_sig.c | 33 |
2 files changed, 16 insertions, 26 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index d989ab3..21f277f 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1427,7 +1427,7 @@ SYSCTL_INT(_security_bsd, OID_AUTO, conservative_signals, CTLFLAG_RW, * References: cred and proc must be valid for the lifetime of the call. */ int -cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic) +cr_cansignal(struct ucred *cred, struct proc *proc, int signum) { int error; @@ -1453,7 +1453,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic) * bit on the target process. If the bit is set, then additional * restrictions are placed on the set of available signals. */ - if (conservative_signals && (proc->p_flag & P_SUGID) && pedantic) { + if (conservative_signals && (proc->p_flag & P_SUGID)) { switch (signum) { case 0: case SIGKILL: @@ -1467,6 +1467,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic) case SIGHUP: case SIGUSR1: case SIGUSR2: + case SIGTHR: /* * Generally, permit job and terminal control * signals. @@ -1507,7 +1508,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic) * References: td and p must be valid for the lifetime of the call */ int -p_cansignal(struct thread *td, struct proc *p, int signum, int pedantic) +p_cansignal(struct thread *td, struct proc *p, int signum) { KASSERT(td == curthread, ("%s: td not curthread", __func__)); @@ -1524,7 +1525,7 @@ p_cansignal(struct thread *td, struct proc *p, int signum, int pedantic) if (signum == SIGCONT && td->td_proc->p_session == p->p_session) return (0); - return (cr_cansignal(td->td_ucred, p, signum, pedantic)); + return (cr_cansignal(td->td_ucred, p, signum)); } /*- diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 0974801..2889adb 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -82,8 +82,7 @@ __FBSDID("$FreeBSD$"); static int coredump(struct thread *); static char *expand_name(const char *, uid_t, pid_t); -static int killpg1(struct thread *td, int sig, int pgid, int all, - int pedantic); +static int killpg1(struct thread *td, int sig, int pgid, int all); static int issignal(struct thread *p); static int sigprop(int sig); static void stop(struct proc *); @@ -1300,9 +1299,9 @@ kern_sigaltstack(struct thread *td, stack_t *ss, stack_t *oss) * cp is calling process. */ static int -killpg1(td, sig, pgid, all, pedantic) +killpg1(td, sig, pgid, all) register struct thread *td; - int sig, pgid, all, pedantic; + int sig, pgid, all; { register struct proc *p; struct pgrp *pgrp; @@ -1320,7 +1319,7 @@ killpg1(td, sig, pgid, all, pedantic) PROC_UNLOCK(p); continue; } - if (p_cansignal(td, p, sig, pedantic) == 0) { + if (p_cansignal(td, p, sig) == 0) { nfound++; if (sig) psignal(p, sig); @@ -1345,12 +1344,12 @@ killpg1(td, sig, pgid, all, pedantic) } sx_sunlock(&proctree_lock); LIST_FOREACH(p, &pgrp->pg_members, p_pglist) { - PROC_LOCK(p); + PROC_LOCK(p); if (p->p_pid <= 1 || p->p_flag & P_SYSTEM) { PROC_UNLOCK(p); continue; } - if (p_cansignal(td, p, sig, pedantic) == 0) { + if (p_cansignal(td, p, sig) == 0) { nfound++; if (sig) psignal(p, sig); @@ -1377,16 +1376,6 @@ kill(td, uap) register struct thread *td; register struct kill_args *uap; { - - return kern_kill(td, uap, 1); -} - -int -kern_kill(td, uap, pedantic) - struct thread *td; - struct kill_args *uap; - int pedantic; -{ register struct proc *p; int error; @@ -1399,7 +1388,7 @@ kern_kill(td, uap, pedantic) if ((p = zpfind(uap->pid)) == NULL) return (ESRCH); } - error = p_cansignal(td, p, uap->signum, pedantic); + error = p_cansignal(td, p, uap->signum); if (error == 0 && uap->signum) psignal(p, uap->signum); PROC_UNLOCK(p); @@ -1407,11 +1396,11 @@ kern_kill(td, uap, pedantic) } switch (uap->pid) { case -1: /* broadcast signal */ - return (killpg1(td, uap->signum, 0, 1, pedantic)); + return (killpg1(td, uap->signum, 0, 1)); case 0: /* signal own process group */ - return (killpg1(td, uap->signum, 0, 0, pedantic)); + return (killpg1(td, uap->signum, 0, 0)); default: /* negative explicit process group */ - return (killpg1(td, uap->signum, -uap->pid, 0, pedantic)); + return (killpg1(td, uap->signum, -uap->pid, 0)); } /* NOTREACHED */ } @@ -1435,7 +1424,7 @@ okillpg(td, uap) if ((u_int)uap->signum > _SIG_MAXSIG) return (EINVAL); - return (killpg1(td, uap->signum, uap->pgid, 0, 1)); + return (killpg1(td, uap->signum, uap->pgid, 0)); } #endif /* COMPAT_43 */ |