Date: Sun, 13 Feb 2005 19:59:07 +0200 From: Maxim Sobolev <sobomax@portaone.com> To: Robert Watson <rwatson@FreeBSD.ORG> Cc: cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/sys/i386/ibcs2 ibcs2_signal.c src/sys/kern kern_prot.c kern_sig.c src/sys/compat/linux linux_signal.c src/sys/compat/svr4 svr4_signal.c src/sys/sys proc.h syscallsubr.h src/sys/alpha/osf1 osf1_signal.c Message-ID: <420F956B.2080804@portaone.com> In-Reply-To: <Pine.NEB.3.96L.1050213173708.43822B-100000@fledge.watson.org> References: <Pine.NEB.3.96L.1050213173708.43822B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson wrote: > On Sun, 13 Feb 2005, Maxim Sobolev wrote: > > >> Backout previous change (disabling of security checks for signals delivered >> in emulation layers), since it appears to be too broad. >> >> Requested by: rwatson > > > Thanks, and sorry if I was a bit too fierce. This is not the first nit > we've run into with the more conservative signal protections, which is why > there's a sysctl to disable them in the first place. However, I think > they contribute usefully to security, so I'd rather augment them to be a > bit more context-aware and permit what's necessary, while avoiding more > sweeping granting of permission. OK, you have nothing to be sorry about. You have much more knowelledge in this domain than I, so that I really appreciate your review and analysis. -Maxim
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?420F956B.2080804>