Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 12 Apr 2001 20:06:22 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/kern kern_prot.c
Message-ID:  <200104130306.f3D36M992258@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

rwatson     2001/04/12 20:06:22 PDT

  Modified files:
    sys/kern             kern_prot.c 
  Log:
  o Disallow two "allow this" exceptions in p_cansignal() restricting
    the ability of unprivileged processes to deliver arbitrary signals
    to daemons temporarily taking on unprivileged effective credentials
    when P_SUGID is not set on the target process:
    Removed:
       (p1->p_cred->cr_ruid != ps->p_cred->cr_uid)
       (p1->p_ucred->cr_uid != ps->p_cred->cr_uid)
  o Replace two "allow this" exceptions in p_cansignal() restricting
    the ability of unprivileged processes to deliver arbitrary signals
    to daemons temporarily taking on unprivileged effective credentials
    when P_SUGID is set on the target process:
    Replaced:
       (p1->p_cred->p_ruid != p2->p_ucred->cr_uid)
       (p1->p_cred->cr_uid != p2->p_ucred->cr_uid)
    With:
       (p1->p_cred->p_ruid != p2->p_ucred->p_svuid)
       (p1->p_ucred->cr_uid != p2->p_ucred->p_svuid)
  o These changes have the effect of making the uid-based handling of
    both P_SUGID and non-P_SUGID signal delivery consistent, following
    these four general cases:
       p1's ruid equals p2's ruid
       p1's euid equals p2's ruid
       p1's ruid equals p2's svuid
       p1's euid equals p2's svuid
    The P_SUGID and non-P_SUGID cases can now be largely collapsed,
    and I'll commit this in a few days if no immediate problems are
    encountered with this set of changes.
  o These changes remove a number of warning cases identified by the
    proc_to_proc inter-process authorization regression test.
  o As these are new restrictions, we'll have to watch out carefully for
    possible side effects on running code: they seem reasonable to me,
    but it's possible this change might have to be backed out if problems
    are experienced.
  
  Submitted by:		src/tools/regression/security/proc_to_proc/testuid
  Reviewed by:		tmm
  Obtained from:	TrustedBSD Project
  
  Revision  Changes    Path
  1.83      +4 -6      src/sys/kern/kern_prot.c


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104130306.f3D36M992258>