Date: Mon, 29 Oct 2012 04:51:51 +0000 (UTC) From: Eitan Adler <eadler@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org Subject: svn commit: r242299 - in stable/7/lib/libc: compat-43 sys Message-ID: <201210290451.q9T4ppgT080129@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: eadler Date: Mon Oct 29 04:51:51 2012 New Revision: 242299 URL: http://svn.freebsd.org/changeset/base/242299 Log: MFC r241855: Update the kill(2) and killpg(2) man pages to the modern permission checks. Also indicate killpg(2) is POSIX compliant. Approved by: cperciva (implicit) Modified: stable/7/lib/libc/compat-43/killpg.2 stable/7/lib/libc/sys/kill.2 Directory Properties: stable/7/lib/libc/ (props changed) Modified: stable/7/lib/libc/compat-43/killpg.2 ============================================================================== --- stable/7/lib/libc/compat-43/killpg.2 Mon Oct 29 04:51:51 2012 (r242298) +++ stable/7/lib/libc/compat-43/killpg.2 Mon Oct 29 04:51:51 2012 (r242299) @@ -58,11 +58,9 @@ is 0, .Fn killpg sends the signal to the sending process's process group. .Pp -The sending process and members of the process group must -have the same effective user ID, or -the sender must be the super-user. -As a single special case the continue signal SIGCONT may be sent -to any process with the same session ID as the caller. +The sending process must be able to +.Fn kill +at least one process in the receiving process group. .Sh RETURN VALUES .Rv -std killpg .Sh ERRORS @@ -83,9 +81,8 @@ No process can be found in the process g The process group was given as 0 but the sending process does not have a process group. .It Bq Er EPERM -The sending process is not the super-user and one or more -of the target processes has an effective user ID different from that -of the sending process. +.Fn kill +returns EPERM for all processes in the process group. .El .Sh SEE ALSO .Xr getpgrp 2 , Modified: stable/7/lib/libc/sys/kill.2 ============================================================================== --- stable/7/lib/libc/sys/kill.2 Mon Oct 29 04:51:51 2012 (r242298) +++ stable/7/lib/libc/sys/kill.2 Mon Oct 29 04:51:51 2012 (r242299) @@ -64,11 +64,19 @@ This can be used to check the validity o For a process to have permission to send a signal to a process designated by .Fa pid , -the real or effective user ID of the receiving process must match -that of the sending process or the user must have appropriate privileges -(such as given by a set-user-ID program or the user is the super-user). +the user must be the super-user, or +the real or saved user ID of the receiving process must match +the real or effective user ID of the sending process. A single exception is the signal SIGCONT, which may always be sent -to any process with the same session ID as the caller. +to any process with the same session ID as the sender. +In addition, if the +.Va security.bsd.conservative_signals +.Xr sysctl +is set to 1, the user is not a super-user, and +the receiver is set-uid, then +only job control and terminal control signals may +be sent (in particular, only SIGKILL, SIGINT, SIGTERM, SIGALRM, +SIGSTOP, SIGTTIN, SIGTTOU, SIGTSTP, SIGHUP, SIGUSR1, SIGUSR2). .Bl -tag -width Ds .It \&If Fa pid No \&is greater than zero : The @@ -127,10 +135,9 @@ No process can be found corresponding to The process id was given as 0 but the sending process does not have a process group. .It Bq Er EPERM -The sending process is not the super-user and its effective -user id does not match the effective user-id of the receiving process. -When signaling a process group, this error is returned if any members -of the group could not be signaled. +The sending process does not have permission to send +.Va sig +to the receiving process. .El .Sh SEE ALSO .Xr getpgrp 2 ,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201210290451.q9T4ppgT080129>