Date: Wed, 11 Apr 2001 19:38:08 -0700 (PDT)
From: Robert Watson <rwatson@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/kern kern_prot.c kern_sig.c src/sys/sys proc.h
Message-ID: <200104120238.f3C2c8589262@freefall.freebsd.org>
rwatson 2001/04/11 19:38:08 PDT
Modified files:
sys/kern kern_prot.c kern_sig.c
sys/sys proc.h
Log:
o Replace p_cankill() with p_cansignal(), remove wrappage of p_can()
  from signal authorization checking.
o p_cansignal() takes three arguments: subject process, object process,
  and signal number, unlike p_cankill(), which only took into account
  the processes and not the signal number, improving the abstraction
  such that CANSIGNAL() from kern_sig.c can now also be eliminated;
  previously CANSIGNAL() special-cased the handling of SIGCONT based
  on process session. privused is now deprecated.
o The new p_cansignal() further limits the set of signals that may
  be delivered to processes with P_SUGID set, and restructures the
  access control check to allow it to be extended more easily.
o These changes take into account work done by the OpenBSD Project,
  as well as by Robert Watson and Thomas Moestl on the TrustedBSD
  Project.
Obtained from: TrustedBSD Project
Revision  Changes    Path
1.80      +72 -33    src/sys/kern/kern_prot.c
1.115     +4 -11     src/sys/kern/kern_sig.c
1.158     +2 -2      src/sys/sys/proc.h
