Date:      Wed, 19 Feb 1997 06:24:57 -0800
From:      David Greenman <dg@root.com>
To:        Andrew Kosyakov <caseq@magrathea.chance.ru>, rbezuide@oskar.nanoteq.co.za, jas@flyingfox.COM, security@freebsd.org
Subject:   Re: Coredumps and setuids .. interesting.. 
Message-ID:  <199702191424.GAA12408@root.com>
In-Reply-To: Your message of "Wed, 19 Feb 1997 05:37:20 PST." <199702191337.FAA12198@root.com> 

>>Why, it would be unwise of it to close data base before dropping root 
>>privileges (and in this case it will be impossible at all), and I won't be 
>>able to send any signal to it unless it drops privileges. The case when it
>
>   A process running with set*id privileges doesn't mean that it can't receive
>signals while it has them effective. In fact it can, the only requirement is
>that the real uid of the process and the uid of the process sending the
>signal be the same, and they will be in either case.

   A correction...the signal sender need only match *either* the real or
effective uid of the signal receiver. From the manual page:

     For a process to have permission to send a signal to a process designated
     by pid, the real or effective user ID of the receiving process must match
     that of the sending process or the user must have appropriate privileges
     (such as given by a set-user-ID program or the user is the super-user).
     A single exception is the signal SIGCONT, which may always be sent to any
     descendant of the current process.

   I actually didn't know it was this open until I read the manual page. I
believe this behavior is required by POSIX, so it's not likely something
that we would want to change.


-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project
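
The rule in the manual page text quoted above, modelled as a predicate. This is an added example, not part of the original message and not FreeBSD kernel code. The names `cred_pair` and `may_signal`, the uid 1001, and the reading that either uid of the sender may match either uid of the receiver are assumptions.

```c
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical credential pair used only by this example. */
struct cred_pair {
    uid_t ruid;   /* real uid */
    uid_t euid;   /* effective uid */
};

/*
 * Model of the permission rule in the quoted manual page text.
 * Assumption: either uid of the sender may match either uid of the receiver.
 */
bool may_signal(struct cred_pair sender, struct cred_pair receiver,
                int signo, bool receiver_is_descendant)
{
    if (sender.euid == 0)
        return true;                       /* super-user */
    if (signo == SIGCONT && receiver_is_descendant)
        return true;                       /* the single exception */
    return sender.ruid == receiver.ruid || sender.ruid == receiver.euid ||
           sender.euid == receiver.ruid || sender.euid == receiver.euid;
}

/* Constructed case from the thread: uid 1001 starts a set-user-ID root program. */
bool invoker_can_signal_setuid_process(void)
{
    struct cred_pair user = { 1001, 1001 };
    struct cred_pair setuid_proc = { 1001, 0 };  /* real = invoker, effective = root */
    return may_signal(user, setuid_proc, SIGQUIT, false);
}

/* Constructed case: the program has set both of its ids to root. */
bool invoker_can_signal_after_full_switch(void)
{
    struct cred_pair user = { 1001, 1001 };
    struct cred_pair switched = { 0, 0 };
    return may_signal(user, switched, SIGQUIT, false);
}

int main(void)
{
    printf("set-user-ID, real uid kept: %d\n", invoker_can_signal_setuid_process());
    printf("both ids switched:          %d\n", invoker_can_signal_after_full_switch());
    return 0;
}
```

In this model the invoking user can signal the process for as long as its real uid is still the invoker's, whether or not the elevated effective uid is in force.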


