Date:      Tue, 26 May 2026 19:19:06 +0000
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: b9d16b7fd2fa - main - sigqueue: In capability mode, only allow signalling self
Message-ID:  <6a15f22a.45a03.9367978@gitrepo.freebsd.org>


The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=b9d16b7fd2fa6bc4b3e8364804cbdc1b76ebe8a5

commit b9d16b7fd2fa6bc4b3e8364804cbdc1b76ebe8a5
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2026-05-26 13:24:36 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2026-05-26 19:18:56 +0000

    sigqueue: In capability mode, only allow signalling self
    
    This is copied from the check in kern_kill.
    
    Reviewed by:    markj, oshogbo
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D57244
---
 sys/kern/kern_sig.c           | 10 ++++++++++
 tests/sys/capsicum/capmode.cc | 12 +++++++++---
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 9be7c82ee98b..e48997ed966a 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -2038,6 +2038,16 @@ kern_sigqueue(struct thread *td, pid_t pid, int signumf, union sigval *value)
 	if (pid <= 0)
 		return (EINVAL);
 
+	/*
+	 * A process in capability mode can send signals only to itself.
+	 */
+	if (pid != td->td_proc->p_pid) {
+		if (CAP_TRACING(td))
+			ktrcapfail(CAPFAIL_SIGNAL, &signum);
+		if (IN_CAPABILITY_MODE(td))
+			return (ECAPMODE);
+	}
+
 	if ((signumf & __SIGQUEUE_TID) == 0) {
 		if ((p = pfind_any(pid)) == NULL)
 			return (ESRCH);
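Review bot: The self-only check at `if (pid != td->td_proc->p_pid)` runs before `__SIGQUEUE_TID` is examined, so it treats `pid` as a process id in every case. The branch just below does a process lookup only when that flag is clear; if, as that suggests, `pid` carries a thread id when the flag is set, a process in capability mode signalling one of its own threads would be refused with ECAPMODE even though the target is itself. Consider limiting the comparison to the process-directed case, e.g. `if ((signumf & __SIGQUEUE_TID) == 0 && pid != td->td_proc->p_pid) {`, but only after confirming that the thread-directed path (outside this hunk) can resolve threads of the calling process only. kern_sigqueue starts before and continues after the hunk.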
diff --git a/tests/sys/capsicum/capmode.cc b/tests/sys/capsicum/capmode.cc
index c6eef19b350f..fdc572f11b5b 100644
--- a/tests/sys/capsicum/capmode.cc
+++ b/tests/sys/capsicum/capmode.cc
@@ -703,8 +703,8 @@ FORK_TEST(Capmode, NewThread) {
   close(thread_pipe[1]);
 }
 
-static volatile sig_atomic_t had_signal = 0;
-static void handle_signal(int) { had_signal = 1; }
+static volatile sig_atomic_t signal_cnt = 0;
+static void handle_signal(int) { signal_cnt++; }
 
 FORK_TEST(Capmode, SelfKill) {
   pid_t me = getpid();
@@ -722,7 +722,13 @@ FORK_TEST(Capmode, SelfKill) {
   // Can only kill(2) to own pid.
   EXPECT_CAPMODE(kill(child, SIGUSR1));
   EXPECT_OK(kill(me, SIGUSR1));
-  EXPECT_EQ(1, had_signal);
+  EXPECT_EQ(1, signal_cnt);
+
+  union sigval sv;
+  sv.sival_int = 0x1234;
+  EXPECT_CAPMODE(sigqueue(child, SIGUSR1, sv));
+  EXPECT_OK(sigqueue(me, SIGUSR1, sv));
+  EXPECT_EQ(2, signal_cnt);
 
   signal(SIGUSR1, original);
 }
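Review bot: The new sigqueue assertions check only that a signal arrived, not the queued value: `sv.sival_int = 0x1234` is set, but `handle_signal(int)` cannot observe it, so the constant has no effect on the result. Either add a comment such as `// Value is arbitrary; only delivery and the ECAPMODE denial are checked.` or install the handler with SA_SIGINFO and compare `si_value` as well. The test also leaves a thread-directed sigqueue from capability mode uncovered, which kern_sigqueue appears to handle on a separate `__SIGQUEUE_TID` path. The SelfKill body starts outside this hunk.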

