Date: Mon, 3 Apr 2006 08:19:00 -0400 (EDT)
From: Daniel Eischen
To: Andrew Thompson
Cc: "Marc G. Fournier", freebsd-stable@freebsd.org, Kris Kennaway
In-Reply-To: <20060403043711.GB76193@heff.fud.org.nz>
Subject: Re: [HACKERS] semaphore usage "port based"?

On Mon, 3 Apr 2006, Andrew Thompson wrote:

> On Mon, Apr 03, 2006 at 01:23:59AM -0300, Marc G. Fournier wrote:
> >
> > taking it off of pgsql-hackers, so that we don't annoy them unnecessarily
> > ...
> >
> > 'k, looking at the code, not that most of it doesn't go over my head ...
> > but ...
> >
> > in kern/kern_jail.c, I can see the prison_check() call ... wouldn't one
> > want to make the change a bit further up? say in kern_prot.c? wouldn't
> > you want to change just cr_cansignal() to allow *just* for 'case 0', when
> > someone is just checking to see if a process is already running? I
> > wouldn't want to be able to SIGKILL the process from a different jail,
> > mind you ... maybe move the check for SIG0 to just before the
> > prison_check, since, unless I'm missing something, other than determining
> > that a process is, in fact, running, SIG0 is a benign signal?
> >
>
> I think the suggestion was to make this EPERM rather than ESRCH to make
> postgres a bit happier, not remove the check entirely. I'm not familiar
> with that part of the kernel at all, so I can't say what the consequences
> will be apart from the obvious information leak.

I don't really see what the problem is. ESRCH seems perfectly reasonable
for trying to kill (even sig 0) a process from a different jail. If you're
in a jail, then you shouldn't have knowledge of processes from other jails.

--
DE
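
What a caller can infer from each error code in this exchange, as an added example that is not part of the message or of the FreeBSD sources. It uses only POSIX kill(2), fork(2) and waitpid(2); the names probe_pid, probe_reaped_child and the PROBE_* values are hypothetical, and the jail visibility check itself is not exercised.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical names for this example; none of them come from the FreeBSD kernel. */
enum probe_result { PROBE_ALIVE, PROBE_EXISTS_DENIED, PROBE_NOT_VISIBLE, PROBE_ERROR };

/* Signal 0 delivers nothing: the kernel only runs its lookup and permission checks. */
enum probe_result probe_pid(pid_t pid)
{
    if (pid <= 0)
        return PROBE_ERROR;          /* 0, -1 and negative values address process groups */
    if (kill(pid, 0) == 0)
        return PROBE_ALIVE;          /* exists, and we would be allowed to signal it */
    switch (errno) {
    case EPERM:
        return PROBE_EXISTS_DENIED;  /* the error itself confirms the pid is in use */
    case ESRCH:
        return PROBE_NOT_VISIBLE;    /* no such process, or one the kernel hides from us */
    default:
        return PROBE_ERROR;
    }
}

/* Fork a child that exits at once, reap it, then probe its now-unused pid. */
enum probe_result probe_reaped_child(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0)
        _exit(0);
    if (waitpid(pid, NULL, 0) != pid)
        return PROBE_ERROR;
    return probe_pid(pid);
}

int main(void)
{
    static const char *const names[] = { "alive", "exists, permission denied",
                                         "not visible (ESRCH)", "error" };
    printf("self:         %s\n", names[probe_pid(getpid())]);
    printf("reaped child: %s\n", names[probe_reaped_child()]);
    printf("pid 1:        %s\n", names[probe_pid(1)]);
    return 0;
}
```

With ESRCH returned across jails, a process in another jail falls into the same PROBE_NOT_VISIBLE bucket as the reaped child, so the caller cannot tell the two apart. Returning EPERM instead would move it to PROBE_EXISTS_DENIED, which is the information leak mentioned in the quoted reply.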