Message-Id: <200104120238.f3C2c8589262@freefall.freebsd.org>
From: Robert Watson
Date: Wed, 11 Apr 2001 19:38:08 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/kern kern_prot.c kern_sig.c src/sys/sys proc.h
X-FreeBSD-CVS-Branch: HEAD

rwatson     2001/04/11 19:38:08 PDT

  Modified files:
    sys/kern             kern_prot.c kern_sig.c
    sys/sys              proc.h
  Log:
  o Replace p_cankill() with p_cansignal(), remove wrappage of p_can()
    from signal authorization checking.
  o p_cansignal() takes three arguments: subject process, object process,
    and signal number, unlike p_cankill(), which only took into account
    the processes and not the signal number, improving the abstraction
    such that CANSIGNAL() from kern_sig.c can now also be eliminated;
    previously CANSIGNAL() special-cased the handling of SIGCONT based
    on process session.  privused is now deprecated.
  o The new p_cansignal() further limits the set of signals that may
    be delivered to processes with P_SUGID set, and restructures the
    access control check to allow it to be extended more easily.
  o These changes take into account work done by the OpenBSD Project,
    as well as by Robert Watson and Thomas Moestl on the TrustedBSD
    Project.

  Obtained from: TrustedBSD Project

  Revision  Changes    Path
  1.80      +72 -33    src/sys/kern/kern_prot.c
  1.115     +4 -11     src/sys/kern/kern_sig.c
  1.158     +2 -2      src/sys/sys/proc.h
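An added example, not FreeBSD's kernel code and not part of the commit: a user-space C model of a three-argument signal check of the kind the log describes, showing why the signal number has to be an input to the decision. `model_proc`, `model_cansignal`, the restricted signal set for set-id targets, the root bypass and the uid-match rule are all assumptions made for illustration; the log does not spell them out.

```c
#include <errno.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical user-space stand-in for kernel process state. */
struct model_proc {
    uid_t ruid, euid, svuid;  /* real, effective, saved uid */
    int   session;            /* session identifier */
    bool  sugid;              /* models P_SUGID on the target */
};

/* Assumed restricted set for P_SUGID targets; the commit log does not list it. */
static bool sugid_signal_ok(int s)
{
    return s == 0 || s == SIGHUP || s == SIGINT || s == SIGKILL ||
           s == SIGTERM || s == SIGSTOP || s == SIGTSTP;
}

/* Returns 0 if subj may send signum to obj, EPERM otherwise. */
int model_cansignal(const struct model_proc *subj,
                    const struct model_proc *obj, int signum)
{
    /* Assumed: self-signalling and a privileged subject skip the checks. */
    if (subj == obj || subj->euid == 0)
        return 0;
    /* SIGCONT inside one session is always deliverable (job control). */
    if (signum == SIGCONT && subj->session == obj->session)
        return 0;
    /* Set-id target: unprivileged senders get only the restricted set. */
    if (obj->sugid && !sugid_signal_ok(signum))
        return EPERM;
    /* Assumed uid rule: subject ruid/euid must match object ruid/svuid. */
    if (subj->ruid == obj->ruid || subj->ruid == obj->svuid ||
        subj->euid == obj->ruid || subj->euid == obj->svuid)
        return 0;
    return EPERM;
}

/* Constructed sample processes: a user shell, a set-id tool it started, another user. */
static const struct model_proc user_sh   = {1001, 1001, 1001, 7, false};
static const struct model_proc suid_tool = {1001, 0, 0, 7, true};
static const struct model_proc other     = {1002, 1002, 1002, 7, false};

int main(void)
{
    printf("SIGTERM=%d SIGALRM=%d SIGCONT(other)=%d\n",
           model_cansignal(&user_sh, &suid_tool, SIGTERM),
           model_cansignal(&user_sh, &suid_tool, SIGALRM),
           model_cansignal(&other, &user_sh, SIGCONT));
    return 0;
}
```

A check that sees only the two processes has to give the same answer for SIGTERM and SIGALRM against the set-id target; with the signal number as a third argument, the SIGCONT session rule and the set-id restriction live in one function.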