Date: Fri, 29 May 2026 19:12:58 +0000 From: Ed Maste <emaste@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: d11ff01b3aec - stable/14 - sigqueue: In capability mode, only allow signalling self Message-ID: <6a19e53a.22b87.5077d08c@gitrepo.freebsd.org>
The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=d11ff01b3aec336128e6babbff7a421fbce82015 commit d11ff01b3aec336128e6babbff7a421fbce82015 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2026-05-26 13:24:36 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2026-05-29 19:12:46 +0000 sigqueue: In capability mode, only allow signalling self This is copied from the check in kern_kill. Reviewed by: markj, oshogbo Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D57244 (cherry picked from commit b9d16b7fd2fa6bc4b3e8364804cbdc1b76ebe8a5) (cherry picked from commit defd9b86ef995ce70363eae9b323d616bda865be)
---
 contrib/capsicum-test/capmode.cc | 12 +++++++++---
 sys/kern/kern_sig.c | 10 ++++++++++
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/contrib/capsicum-test/capmode.cc b/contrib/capsicum-test/capmode.cc
index f32d9e038744..12921bb53c72 100644
--- a/contrib/capsicum-test/capmode.cc
+++ b/contrib/capsicum-test/capmode.cc
@@ -747,8 +747,8 @@ FORK_TEST(Capmode, NewThread) {
 close(thread_pipe[1]);
 }
-static volatile sig_atomic_t had_signal = 0;
-static void handle_signal(int) { had_signal = 1; }
+static volatile sig_atomic_t signal_cnt = 0;
+static void handle_signal(int) { signal_cnt++; }
 FORK_TEST(Capmode, SelfKill) {
 pid_t me = getpid();
@@ -766,7 +766,13 @@ FORK_TEST(Capmode, SelfKill) {
 // Can only kill(2) to own pid.
 EXPECT_CAPMODE(kill(child, SIGUSR1));
 EXPECT_OK(kill(me, SIGUSR1));
- EXPECT_EQ(1, had_signal);
+ EXPECT_EQ(1, signal_cnt);
+
+ union sigval sv;
+ sv.sival_int = 0x1234;
+ EXPECT_CAPMODE(sigqueue(child, SIGUSR1, sv));
+ EXPECT_OK(sigqueue(me, SIGUSR1, sv));
+ EXPECT_EQ(2, signal_cnt);
 signal(SIGUSR1, original);
 }
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 91361d680809..7f399586f639 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
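Review bot: In the second capmode.cc hunk (SelfKill), the queued value `sv.sival_int = 0x1234` is never checked, because `handle_signal(int)` from the first hunk only increments `signal_cnt`. The test therefore shows that sigqueue(2) to self delivers a signal and that the child target is refused, but not that the payload survives the capability-mode path. If that matters, a handler taking `siginfo_t *` could record `si_value.sival_int` for an extra `EXPECT_EQ(0x1234, ...)`; how the handler is installed is outside the hunk. A short comment such as `// Can only sigqueue(2) to own pid.` above the new block would match the existing kill(2) comment.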
@@ -2047,6 +2047,16 @@ kern_sigqueue(struct thread *td, pid_t pid, int signumf, union sigval *value)
 if (pid <= 0)
 return (EINVAL);
+ /*
+ * A process in capability mode can send signals only to itself.
+ */
+ if (pid != td->td_proc->p_pid) {
+ if (CAP_TRACING(td))
+ ktrcapfail(CAPFAIL_SIGNAL, &signum);
+ if (IN_CAPABILITY_MODE(td))
+ return (ECAPMODE);
+ }
+
 if ((signumf & __SIGQUEUE_TID) == 0) {
 if ((p = pfind_any(pid)) == NULL)
 return (ESRCH);
home | help
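Review bot: The self-only check runs before the `(signumf & __SIGQUEUE_TID) == 0` test, so it also applies to the thread-directed form, where `pid` presumably holds a thread id and would never equal `td->td_proc->p_pid` (the else branch is outside the hunk, so this is inferred). If so, a sandboxed process gets ECAPMODE even when it targets one of its own threads; that fails closed, which is the safe direction, but it is narrower than the comment's "only to itself". Either state it in the comment, e.g. `* With __SIGQUEUE_TID the target is a thread id, so that form is always refused.`, or resolve the thread first and compare its owning process with `td->td_proc`. Keeping the check ahead of `pfind_any()` is worth preserving, since ECAPMODE is then returned without revealing whether the target pid exists. kern_sigqueue's body starts and ends outside the hunk, including the declaration and assignment of `signum` that `ktrcapfail()` reads.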
