Date: Sun, 13 Feb 2005 17:21:41 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Maxim Sobolev <sobomax@portaone.com> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_prot.c Message-ID: <Pine.NEB.3.96L.1050213171721.48471D-100000@fledge.watson.org> In-Reply-To: <420F851E.2090108@portaone.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 13 Feb 2005, Maxim Sobolev wrote: > I see. I've just committed a change which solves this problem by > allowing emulation layers to bypass FreeBSD-specific security checks > during signal delivery. This makes sense since emulation layers can have > different meanings for signals and/or different security restrictions. I agree that the problem needs fixing, but I think this was entirely the wrong solution. Even if Linux processes expect the signal to have one set of semantics on the target, changing how it affects all processes isn't the right solution. Disabling a broad range of protections wasn't even necessary to accomplish this fix. I think enough information is present to do this check properly, and we should therefore do it properly. I would be happy to help review further patches to correct this problem. I also object to the name pedantic: we're not the only operating system to enforce these protections, and there have been specific vulnerabilities in the past of precisely this sort of protection are intended to address. Robert N M Watson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1050213171721.48471D-100000>