Date: Sun, 13 Feb 2005 17:38:39 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Maxim Sobolev <sobomax@FreeBSD.org> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/i386/ibcs2 ibcs2_signal.c src/sys/kern kern_prot.c kern_sig.c src/sys/compat/linux linux_signal.c src/sys/compat/svr4 svr4_signal.c src/sys/sys proc.h syscallsubr.h src/sys/alpha/osf1 osf1_signal.c Message-ID: <Pine.NEB.3.96L.1050213173708.43822B-100000@fledge.watson.org> In-Reply-To: <200502131737.j1DHbKaM017082@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 13 Feb 2005, Maxim Sobolev wrote: > Backout previous change (disabling of security checks for signals delivered > in emulation layers), since it appears to be too broad. > > Requested by: rwatson Thanks, and sorry if I was a bit too fierce. This is not the first nit we've run into with the more conservative signal protections, which is why there's a sysctl to disable them in the first place. However, I think they contribute usefully to security, so I'd rather augment them to be a bit more context-aware and permit what's necessary, while avoiding more sweeping granting of permission. Robert N M Watson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1050213173708.43822B-100000>