Date:      Tue, 27 Nov 2012 10:22:41 +0000 (UTC)
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r243610 - head/sys/kern
Message-ID:  <201211271022.qARAMfUi041661@svn.freebsd.org>

Author: pjd
Date: Tue Nov 27 10:22:40 2012
New Revision: 243610
URL: http://svnweb.freebsd.org/changeset/base/243610

Log:
  Allow the use of kill(2) in capability mode, but a process can send a signal
  only to itself. For example, abort(3) at first tries to do
  kill(getpid(), SIGABRT), which was failing in capability mode, so the code was
  falling back to exit(1).
  
  Reviewed by:	rwatson
  Obtained from:	WHEEL Systems
  MFC after:	2 weeks

Modified:
  head/sys/kern/capabilities.conf
  head/sys/kern/kern_sig.c

Modified: head/sys/kern/capabilities.conf
==============================================================================
--- head/sys/kern/capabilities.conf	Tue Nov 27 10:16:48 2012	(r243609)
+++ head/sys/kern/capabilities.conf	Tue Nov 27 10:22:40 2012	(r243610)
@@ -337,6 +337,11 @@ issetugid
 kevent
 
 ##
+## Allow kill(2), as we allow the process to send signals only to himself.
+##
+kill
+
+##
 ## Allow message queue operations on file descriptors, subject to capability
 ## rights.
 ##
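
Review bot: The new comment above the `kill` entry states the self-only restriction as if this file provided it, but listing the syscall here only makes it callable in capability mode; the restriction itself is the new check in sys_kill() in kern_sig.c. Suggest naming that function in the comment, so that anyone who later touches either file sees that the two changes depend on each other and that removing the check would leave kill(2) unrestricted for sandboxed processes. Minor wording: "itself" rather than "himself".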

Modified: head/sys/kern/kern_sig.c
==============================================================================
--- head/sys/kern/kern_sig.c	Tue Nov 27 10:16:48 2012	(r243609)
+++ head/sys/kern/kern_sig.c	Tue Nov 27 10:22:40 2012	(r243610)
@@ -1679,6 +1679,14 @@ sys_kill(struct thread *td, struct kill_
 	struct proc *p;
 	int error;
 
+	/*
+	 * A process in capability mode can send signals only to himself.
+	 * The main rationale behind this is that abort(3) is implemented as
+	 * kill(getpid(), SIGABRT).
+	 */
+	if (IN_CAPABILITY_MODE(td) && uap->pid != td->td_proc->p_pid)
+		return (ECAPMODE);
+
 	AUDIT_ARG_SIGNUM(uap->signum);
 	AUDIT_ARG_PID(uap->pid);
 	if ((u_int)uap->signum > _SIG_MAXSIG)
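
Review bot: The ECAPMODE return sits above AUDIT_ARG_SIGNUM() and AUDIT_ARG_PID(), so a denied kill(2) from a sandboxed process leaves sys_kill() before the target pid and signal number are attached to the audit record. Those denied attempts are the ones an operator would most want to see in full; suggest moving the capability-mode check below the two AUDIT_ARG lines. Also worth stating in the comment that the comparison against td->td_proc->p_pid is a strict equality test, so any other pid value is refused in capability mode, even one that would otherwise include the caller.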


