From owner-cvs-all  Sun Jan  6 14:43:47 2002
Delivered-To: cvs-all@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [216.33.66.196])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9726A37B400; Sun,  6 Jan 2002 14:43:40 -0800 (PST)
Received: by elvis.mu.org (Postfix, from userid 1192)
	id 5234C81E08; Sun,  6 Jan 2002 16:43:40 -0600 (CST)
Date: Sun, 6 Jan 2002 16:43:40 -0600
From: Alfred Perlstein <bright@mu.org>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern kern_sig.c
Message-ID: <20020106164340.B14427@elvis.mu.org>
References: <200201060054.g060sll82060@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200201060054.g060sll82060@freefall.freebsd.org>; from rwatson@FreeBSD.org on Sat, Jan 05, 2002 at 04:54:47PM -0800
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

* Robert Watson <rwatson@FreeBSD.org> [020105 18:54] wrote:
> rwatson     2002/01/05 16:54:47 PST
> 
>   Modified files:
>     sys/kern             kern_sig.c 
>   Log:
>   - Teach SIGIO code to use cr_cansignal() instead of a custom CANSIGIO()
>     macro.  As a result, mandatory signal delivery policies will be
>     applied consistently across the kernel.
>   
>   - Note that this subtly changes the protection semantics, and we should
>     watch out for any resulting breakage.  Previously, delivery of SIGIO
>     in this circumstance was limited to situations where the subject was
>     privileged, or where one of the subject's (ruid, euid) matched one
>     of the object's (ruid, euid).  In the new scenario, subject (ruid, euid)
>     are matched against the object's (ruid, svuid), and the object uid's
>     must be a subset of the subject uid's.  Likewise, jail now affects
>     delivery, and special handling for P_SUGID of the object is present.
>     This change can always be reversed or tweaked if it proves to disrupt
>     application behavior substantially.

Please provide a report on how previous SIGIO exploits behave with
this code.  You can find mention of them in the cvs logs and most
likely at CERT.  Basically make sure you haven't opened up any races
wrt falsely sending sigio to processes one shouldn't be able to.

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
Tax deductable donations for FreeBSD: http://www.freebsdfoundation.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message