summaryrefslogtreecommitdiffstats
path: root/sys/kern/kern_prot.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/kern/kern_prot.c')
-rw-r--r--sys/kern/kern_prot.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 38b9042..9c6cd09 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1523,6 +1523,18 @@ p_cansignal(struct thread *td, struct proc *p, int signum)
/* XXX: This will require an additional lock of some sort. */
if (signum == SIGCONT && td->td_proc->p_session == p->p_session)
return (0);
+ /*
+ * Some compat layers use SIGTHR for communications between
+ * different kernel threads of the same process, so that
+ * they are expecting that it's always possible to deliver
+ * it, even for suid applications where cr_cansignal() can
+ * deny such ability for security consideration. It should be
+ * pretty safe to do since the only way to create two processes
+ * with the same p_leader is via rfork(2).
+ */
+ if (signum == SIGTHR && td->td_proc->p_leader != NULL &&
+ td->td_proc->p_leader == p->p_leader)
+ return (0);
return (cr_cansignal(td->td_ucred, p, signum));
}
OpenPOWER on IntegriCloud