From owner-freebsd-stable@FreeBSD.ORG Mon Apr 3 04:37:16 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 45B9716A422 for ; Mon, 3 Apr 2006 04:37:16 +0000 (UTC) (envelope-from thompsa@freebsd.org) Received: from dbmail-mx1.orcon.net.nz (loadbalancer1.orcon.net.nz [219.88.242.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1CE1743D48 for ; Mon, 3 Apr 2006 04:37:14 +0000 (GMT) (envelope-from thompsa@freebsd.org) Received-SPF: none Received: from heff.fud.org.nz (60-234-149-201.bitstream.orcon.net.nz [60.234.149.201]) by dbmail-mx1.orcon.net.nz (8.13.6/8.13.6/Debian-1) with SMTP id k334buA3007199; Mon, 3 Apr 2006 16:37:57 +1200 Received: by heff.fud.org.nz (Postfix, from userid 1001) id BEC7A1CC38; Mon, 3 Apr 2006 16:37:11 +1200 (NZST) Date: Mon, 3 Apr 2006 16:37:11 +1200 From: Andrew Thompson To: "Marc G. Fournier" Message-ID: <20060403043711.GB76193@heff.fud.org.nz> References: <20060402232832.M947@ganymede.hub.org> <20060402234459.Y947@ganymede.hub.org> <27417.1144033691@sss.pgh.pa.us> <20060403031157.GA57914@xor.obsecurity.org> <27515.1144034269@sss.pgh.pa.us> <20060403032130.GA58053@xor.obsecurity.org> <20060403002830.W947@ganymede.hub.org> <20060403034101.GA58429@xor.obsecurity.org> <20060403035911.GA76193@heff.fud.org.nz> <20060403011401.I947@ganymede.hub.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060403011401.I947@ganymede.hub.org> User-Agent: Mutt/1.5.11 X-Virus-Scanned: ClamAV version 0.88, clamav-milter version 0.87 on dbmail-mx1.orcon.net.nz X-Virus-Status: Clean Cc: freebsd-stable@freebsd.org, Kris Kennaway Subject: Re: [HACKERS] semaphore usage "port based"? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2006 04:37:16 -0000 On Mon, Apr 03, 2006 at 01:23:59AM -0300, Marc G. Fournier wrote: > > taking it off of pgsql-hackers, so that we don't annoy them unnecessarily > ... > > 'k, looking at the code, not that most of it doesn't go over my head ... > but ... > > in kern/kern_jail.c, I can see the prison_check() call ... wouldn't one > want to make the change a bit further up? say in kern_prot.c? wouldn't > you want to change just cr_cansignal() to allow *just* for 'case 0', when > someone is just checking to see if a process is already running? I > wouldn't want to be able to SIGKILL the process from a different jail, > mind you ... maybe move the check for SIG0 to just before the > prison_check, since, unless I'm missing something, other then determining > that a process is, in fact, running, SIG0 is a benign signal? > I think the suggestion was to make this EPERM rather than ESRCH to make postgres a bit happier, not remove the check entirely. Im not familiar with that part of the kernel at all, so I cant say what the consequences will be apart from the obvious information leak. Andrew