8 files changed, 36 insertions, 22 deletions
diff --git a/sys/alpha/osf1/osf1_signal.c b/sys/alpha/osf1/osf1_signal.c
index 355cb1c..7a96223 100644
--- a/sys/alpha/osf1/osf1_signal.c
+++ b/sys/alpha/osf1/osf1_signal.c
@@ -445,7 +445,7 @@ osf1_kill(td, uap)
 
 	ka.pid = uap->pid;
 	ka.signum = uap->signum;
-	return kill(td, &ka);
+	return kern_kill(td, &ka, 0);
 }
 
 
diff --git a/sys/compat/linux/linux_signal.c b/sys/compat/linux/linux_signal.c
index fc25e3f..fa4ae7b 100644
--- a/sys/compat/linux/linux_signal.c
+++ b/sys/compat/linux/linux_signal.c
@@ -435,5 +435,5 @@ linux_kill(struct thread *td, struct linux_kill_args *args)
 		tmp.signum = args->signum;
 
 	tmp.pid = args->pid;
-	return (kill(td, &tmp));
+	return (kern_kill(td, &tmp, 0));
 }
diff --git a/sys/compat/svr4/svr4_signal.c b/sys/compat/svr4/svr4_signal.c
index 1a3f7f1..2ccebd5 100644
--- a/sys/compat/svr4/svr4_signal.c
+++ b/sys/compat/svr4/svr4_signal.c
@@ -521,7 +521,7 @@ svr4_sys_kill(td, uap)
 		return (EINVAL);
 	ka.pid = uap->pid;
 	ka.signum = SVR4_SVR42BSD_SIG(uap->signum);
-	return kill(td, &ka);
+	return kern_kill(td, &ka, 0);
 }
 
 
diff --git a/sys/i386/ibcs2/ibcs2_signal.c b/sys/i386/ibcs2/ibcs2_signal.c
index b2f3393..0cb3b9a 100644
--- a/sys/i386/ibcs2/ibcs2_signal.c
+++ b/sys/i386/ibcs2/ibcs2_signal.c
@@ -437,5 +437,5 @@ ibcs2_kill(td, uap)
 		return (EINVAL);
 	ka.pid = uap->pid;
 	ka.signum = ibcs2_to_bsd_sig[_SIG_IDX(uap->signo)];
-	return kill(td, &ka);
+	return kern_kill(td, &ka, 0);
 }
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 21f277f..d989ab3 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1427,7 +1427,7 @@ SYSCTL_INT(_security_bsd, OID_AUTO, conservative_signals, CTLFLAG_RW,
  * References: cred and proc must be valid for the lifetime of the call.
  */
 int
-cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
+cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic)
 {
 	int error;
 
@@ -1453,7 +1453,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
 	 * bit on the target process.  If the bit is set, then additional
 	 * restrictions are placed on the set of available signals.
 	 */
-	if (conservative_signals && (proc->p_flag & P_SUGID)) {
+	if (conservative_signals && (proc->p_flag & P_SUGID) && pedantic) {
 		switch (signum) {
 		case 0:
 		case SIGKILL:
@@ -1467,7 +1467,6 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
 		case SIGHUP:
 		case SIGUSR1:
 		case SIGUSR2:
-		case SIGTHR:
 			/*
 			 * Generally, permit job and terminal control
 			 * signals.
@@ -1508,7 +1507,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
  * References: td and p must be valid for the lifetime of the call
  */
 int
-p_cansignal(struct thread *td, struct proc *p, int signum)
+p_cansignal(struct thread *td, struct proc *p, int signum, int pedantic)
 {
 
 	KASSERT(td == curthread, ("%s: td not curthread", __func__));
@@ -1525,7 +1524,7 @@ p_cansignal(struct thread *td, struct proc *p, int signum)
 	if (signum == SIGCONT && td->td_proc->p_session == p->p_session)
 		return (0);
 
-	return (cr_cansignal(td->td_ucred, p, signum));
+	return (cr_cansignal(td->td_ucred, p, signum, pedantic));
 }
 
 /*-
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 2889adb..0974801 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -82,7 +82,8 @@ __FBSDID("$FreeBSD$");
 
 static int	coredump(struct thread *);
 static char	*expand_name(const char *, uid_t, pid_t);
-static int	killpg1(struct thread *td, int sig, int pgid, int all);
+static int	killpg1(struct thread *td, int sig, int pgid, int all,
+		        int pedantic);
 static int	issignal(struct thread *p);
 static int	sigprop(int sig);
 static void	stop(struct proc *);
@@ -1299,9 +1300,9 @@ kern_sigaltstack(struct thread *td, stack_t *ss, stack_t *oss)
  * cp is calling process.
  */
 static int
-killpg1(td, sig, pgid, all)
+killpg1(td, sig, pgid, all, pedantic)
 	register struct thread *td;
-	int sig, pgid, all;
+	int sig, pgid, all, pedantic;
 {
 	register struct proc *p;
 	struct pgrp *pgrp;
@@ -1319,7 +1320,7 @@ killpg1(td, sig, pgid, all)
 				PROC_UNLOCK(p);
 				continue;
 			}
-			if (p_cansignal(td, p, sig) == 0) {
+			if (p_cansignal(td, p, sig, pedantic) == 0) {
 				nfound++;
 				if (sig)
 					psignal(p, sig);
@@ -1344,12 +1345,12 @@ killpg1(td, sig, pgid, all)
 		}
 		sx_sunlock(&proctree_lock);
 		LIST_FOREACH(p, &pgrp->pg_members, p_pglist) {
-			PROC_LOCK(p);	      
+			PROC_LOCK(p);
 			if (p->p_pid <= 1 || p->p_flag & P_SYSTEM) {
 				PROC_UNLOCK(p);
 				continue;
 			}
-			if (p_cansignal(td, p, sig) == 0) {
+			if (p_cansignal(td, p, sig, pedantic) == 0) {
 				nfound++;
 				if (sig)
 					psignal(p, sig);
@@ -1376,6 +1377,16 @@ kill(td, uap)
 	register struct thread *td;
 	register struct kill_args *uap;
 {
+
+	return kern_kill(td, uap, 1);
+}
+
+int
+kern_kill(td, uap, pedantic)
+	struct thread *td;
+	struct kill_args *uap;
+	int pedantic;
+{
 	register struct proc *p;
 	int error;
 
@@ -1388,7 +1399,7 @@ kill(td, uap)
 			if ((p = zpfind(uap->pid)) == NULL)
 				return (ESRCH);
 		}
-		error = p_cansignal(td, p, uap->signum);
+		error = p_cansignal(td, p, uap->signum, pedantic);
 		if (error == 0 && uap->signum)
 			psignal(p, uap->signum);
 		PROC_UNLOCK(p);
@@ -1396,11 +1407,11 @@ kill(td, uap)
 	}
 	switch (uap->pid) {
 	case -1:		/* broadcast signal */
-		return (killpg1(td, uap->signum, 0, 1));
+		return (killpg1(td, uap->signum, 0, 1, pedantic));
 	case 0:			/* signal own process group */
-		return (killpg1(td, uap->signum, 0, 0));
+		return (killpg1(td, uap->signum, 0, 0, pedantic));
 	default:		/* negative explicit process group */
-		return (killpg1(td, uap->signum, -uap->pid, 0));
+		return (killpg1(td, uap->signum, -uap->pid, 0, pedantic));
 	}
 	/* NOTREACHED */
 }
@@ -1424,7 +1435,7 @@ okillpg(td, uap)
 
 	if ((u_int)uap->signum > _SIG_MAXSIG)
 		return (EINVAL);
-	return (killpg1(td, uap->signum, uap->pgid, 0));
+	return (killpg1(td, uap->signum, uap->pgid, 0, 1));
 }
 #endif /* COMPAT_43 */
 
diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index 52b47efe..cda4ccf 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@ -831,7 +831,8 @@ struct	proc *zpfind(pid_t);		/* Find zombie process by id. */
 void	adjustrunqueue(struct thread *, int newpri);
 void	ast(struct trapframe *framep);
 struct	thread *choosethread(void);
-int	cr_cansignal(struct ucred *cred, struct proc *proc, int signum);
+int	cr_cansignal(struct ucred *cred, struct proc *proc, int signum,
+	    int pedantic);
 int	enterpgrp(struct proc *p, pid_t pgid, struct pgrp *pgrp,
 	    struct session *sess);
 int	enterthispgrp(struct proc *p, struct pgrp *pgrp);
@@ -848,7 +849,8 @@ void	mi_switch(int flags, struct thread *newtd);
 int	p_candebug(struct thread *td, struct proc *p);
 int	p_cansee(struct thread *td, struct proc *p);
 int	p_cansched(struct thread *td, struct proc *p);
-int	p_cansignal(struct thread *td, struct proc *p, int signum);
+int	p_cansignal(struct thread *td, struct proc *p, int signum,
+	    int pedantic);
 struct	pargs *pargs_alloc(int len);
 void	pargs_drop(struct pargs *pa);
 void	pargs_free(struct pargs *pa);
diff --git a/sys/sys/syscallsubr.h b/sys/sys/syscallsubr.h
index a996ba7..04f007c 100644
--- a/sys/sys/syscallsubr.h
+++ b/sys/sys/syscallsubr.h
@@ -42,6 +42,7 @@ struct msqid_ds;
 struct rlimit;
 struct rusage;
 struct sockaddr;
+struct kill_args;
 struct stat;
 
 int	kern___getcwd(struct thread *td, u_char *buf, enum uio_seg bufseg,
@@ -69,6 +70,7 @@ int	kern_getitimer(struct thread *, u_int, struct itimerval *);
 int	kern_getrusage(struct thread *td, int who, struct rusage *rup);
 int	kern_getsockopt(struct thread *td, int s, int level, int name,
 	    void *optval, enum uio_seg valseg, socklen_t *valsize);
+int	kern_kill(struct thread *, struct kill_args *, int);
 int	kern_lchown(struct thread *td, char *path, enum uio_seg pathseg,
 	    int uid, int gid);
 int	kern_link(struct thread *td, char *path, char *link,