From a449e81e001b2647c47389c6667ccc7fa5d9a869 Mon Sep 17 00:00:00 2001 From: Brooks Davis Date: Wed, 2 Sep 2020 21:14:36 +0000 Subject: [PATCH] Remove risky compatability with old kernels The badsys() handler for SIGSYS was added as a transtion aid for kernels lacking sysctl() in 1993. It is unsafe and unsound so remove it rather than running the risk of a privilege-dropping system call being silently omitted. This partially reverts SCCSID 6.12 (Berkeley) 03/03/93 "add code to change the system security level". Reviewed by: mckusick, imp, kevans Obtained from: CheriBSD MFC after: 1 week Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D26289 --- sbin/init/init.c | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/sbin/init/init.c b/sbin/init/init.c index 58bd07a3c27b..f7c4144eb6a5 100644 --- a/sbin/init/init.c +++ b/sbin/init/init.c @@ -106,7 +106,6 @@ static void stall(const char *, ...) __printflike(1, 2); static void warning(const char *, ...) __printflike(1, 2); static void emergency(const char *, ...) __printflike(1, 2); static void disaster(int); -static void badsys(int); static void revoke_ttys(void); static int runshutdown(void); static char *strk(char *); @@ -307,9 +306,8 @@ main(int argc, char *argv[]) * We catch or block signals rather than ignore them, * so that they get reset on exec. */ - handle(badsys, SIGSYS, 0); - handle(disaster, SIGABRT, SIGFPE, SIGILL, SIGSEGV, SIGBUS, SIGXCPU, - SIGXFSZ, 0); + handle(disaster, SIGABRT, SIGFPE, SIGILL, SIGSEGV, SIGBUS, SIGSYS, + SIGXCPU, SIGXFSZ, 0); handle(transition_handler, SIGHUP, SIGINT, SIGEMT, SIGTERM, SIGTSTP, SIGUSR1, SIGUSR2, SIGWINCH, 0); handle(alrm_handler, SIGALRM, 0); @@ -506,22 +504,6 @@ emergency(const char *message, ...) va_end(ap); } -/* - * Catch a SIGSYS signal. - * - * These may arise if a system does not support sysctl. - * We tolerate up to 25 of these, then throw in the towel. - */ -static void -badsys(int sig) -{ - static int badcount = 0; - - if (badcount++ < 25) - return; - disaster(sig); -} - /* * Catch an unexpected signal. */