Date: Wed, 9 Jan 2002 20:30:52 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.ORG>
To: Alexander Kabaev <ak03@gte.com>
Cc: cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/kern kern_sig.c
Message-ID: <Pine.NEB.3.96L.1020109202923.50119A-100000@fledge.watson.org>
In-Reply-To: <20020109162459.0bf4dcd9.ak03@gte.com>

I've backed this out, and will work on a better version.  It seems we'll
probably need a second version of cr_cansignal() that handles P_SUGID
differently for implicit signal generation from sockets/etc.  However,
having them share implementation, and be centrally located, will still
offer many of the benefits from using cr_cansignal() solely.

Thanks for the report!

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Wed, 9 Jan 2002, Alexander Kabaev wrote:

> This commit broke SIGURG and SIGIO delivery to the processes with
> P_SUGID bit set. cr_cansignal will require suser_xxx to succeed for any
> signal which is not on the following list: SIGKILL, SIGINT, SIGTERM,
> SIGSTOP, SIGTTIN, SIGTTOU, SIGTSTP, SIGHUP, SIGUSR1, SIGUSR2.
>
> The most visible victim is rlogin, which currently fails to negotiate
> window size with remote site because SIGURG signal cannot be delivered
> to indicate OOB data.
>
> > rwatson     2002/01/05 16:54:47 PST
> >
> >   Modified files:
> >     sys/kern             kern_sig.c
> >   Log:
> >   - Teach SIGIO code to use cr_cansignal() instead of a custom
> >     CANSIGIO() macro.  As a result, mandatory signal delivery policies
> >     will be applied consistently across the kernel.
> >
> >   - Note that this subtly changes the protection semantics, and we
> >     should watch out for any resulting breakage.  Previously, delivery
> >     of SIGIO in this circumstance was limited to situations where the
> >     subject was privileged, or where one of the subject's (ruid, euid)
> >     matched one of the object's (ruid, euid).  In the new scenario,
> >     subject (ruid, euid) are matched against the object's (ruid,
> >     svuid), and the object uid's must be a subset of the subject uid's.
> >     Likewise, jail now affects delivery, and special handling for
> >     P_SUGID of the object is present.  This change can always be
> >     reversed or tweaked if it proves to disrupt application behavior
> >     substantially.
> >
> >   Obtained from:  TrustedBSD Project
> >   Sponsored by:   DARPA, NAI Labs
> >
> >   Revision  Changes    Path
> >   1.143     +3 -13     src/sys/kern/kern_sig.c
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe cvs-all" in the body of the message
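
The difference between the two delivery checks discussed in this thread, as an added C sketch that is not part of the original messages and is not FreeBSD kernel code. The struct, the function names and the sample uid 1001 are constructed; jail handling and the uid subset rule are left out, and privilege is assumed to override both checks.

```c
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Simplified model of the thread's description; all names are hypothetical. */
struct cred { uid_t ruid, euid, svuid; bool privileged; };

/* Old CANSIGIO()-style rule: privileged subject, or one of the subject's
 * (ruid, euid) matches one of the object's (ruid, euid). */
static bool old_cansigio(const struct cred *s, const struct cred *o) {
    return s->privileged ||
        s->ruid == o->ruid || s->ruid == o->euid ||
        s->euid == o->ruid || s->euid == o->euid;
}

/* Signals the report lists as not needing privilege for a P_SUGID target. */
static bool sugid_exempt(int sig) {
    switch (sig) {
    case SIGKILL: case SIGINT: case SIGTERM: case SIGSTOP: case SIGTTIN:
    case SIGTTOU: case SIGTSTP: case SIGHUP: case SIGUSR1: case SIGUSR2:
        return true;
    default:
        return false;
    }
}

/* New rule as described: a P_SUGID target needs a privileged sender for
 * unlisted signals; otherwise subject (ruid, euid) vs object (ruid, svuid). */
static bool new_cansignal(const struct cred *s, const struct cred *o,
                          bool o_sugid, int sig) {
    if (s->privileged)          /* assumption: privilege overrides */
        return true;
    if (o_sugid && !sugid_exempt(sig))
        return false;
    return s->ruid == o->ruid || s->ruid == o->svuid ||
        s->euid == o->ruid || s->euid == o->svuid;
}

/* Constructed sample: socket owner and target share uid 1001, unprivileged. */
static const struct cred sock_owner = { 1001, 1001, 1001, false };
static const struct cred target = { 1001, 1001, 1001, false };

int main(void) {
    printf("old rule, SIGURG: %d\n", old_cansigio(&sock_owner, &target));
    printf("new rule, SIGURG to P_SUGID target: %d\n",
           new_cansignal(&sock_owner, &target, true, SIGURG));
    return 0;
}
```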