From 1a88a252fdf5646a04eb68879e759c5089163afb Mon Sep 17 00:00:00 2001
From: Maxim Sobolev <sobomax@FreeBSD.org>
Date: Sun, 13 Feb 2005 17:37:20 +0000
Subject: [PATCH] Backout previous change (disabling of security checks for
 signals delivered in emulation layers), since it appears to be too broad.

Requested by:   rwatson
---
 sys/alpha/osf1/osf1_signal.c    |  2 +-
 sys/compat/linux/linux_signal.c |  4 ++--
 sys/compat/svr4/svr4_signal.c   |  2 +-
 sys/i386/ibcs2/ibcs2_signal.c   |  2 +-
 sys/kern/kern_prot.c            |  9 +++++----
 sys/kern/kern_sig.c             | 33 +++++++++++----------------------
 sys/sys/proc.h                  |  6 ++----
 sys/sys/syscallsubr.h           |  2 --
 8 files changed, 23 insertions(+), 37 deletions(-)

diff --git a/sys/alpha/osf1/osf1_signal.c b/sys/alpha/osf1/osf1_signal.c
index 7a96223ef3bd..355cb1c20e9b 100644
--- a/sys/alpha/osf1/osf1_signal.c
+++ b/sys/alpha/osf1/osf1_signal.c
@@ -445,7 +445,7 @@ osf1_kill(td, uap)
 
 	ka.pid = uap->pid;
 	ka.signum = uap->signum;
-	return kern_kill(td, &ka, 0);
+	return kill(td, &ka);
 }
 
 
diff --git a/sys/compat/linux/linux_signal.c b/sys/compat/linux/linux_signal.c
index fa4ae7b8a283..8a3b461abc37 100644
--- a/sys/compat/linux/linux_signal.c
+++ b/sys/compat/linux/linux_signal.c
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
+__FBSDID("$FreeBSD$")
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -435,5 +435,5 @@ linux_kill(struct thread *td, struct linux_kill_args *args)
 		tmp.signum = args->signum;
 
 	tmp.pid = args->pid;
-	return (kern_kill(td, &tmp, 0));
+	return (kill(td, &tmp));
 }
diff --git a/sys/compat/svr4/svr4_signal.c b/sys/compat/svr4/svr4_signal.c
index 2ccebd5c4d42..1a3f7f1c9c6a 100644
--- a/sys/compat/svr4/svr4_signal.c
+++ b/sys/compat/svr4/svr4_signal.c
@@ -521,7 +521,7 @@ svr4_sys_kill(td, uap)
 		return (EINVAL);
 	ka.pid = uap->pid;
 	ka.signum = SVR4_SVR42BSD_SIG(uap->signum);
-	return kern_kill(td, &ka, 0);
+	return kill(td, &ka);
 }
 
 
diff --git a/sys/i386/ibcs2/ibcs2_signal.c b/sys/i386/ibcs2/ibcs2_signal.c
index 0cb3b9add833..b2f339338fc6 100644
--- a/sys/i386/ibcs2/ibcs2_signal.c
+++ b/sys/i386/ibcs2/ibcs2_signal.c
@@ -437,5 +437,5 @@ ibcs2_kill(td, uap)
 		return (EINVAL);
 	ka.pid = uap->pid;
 	ka.signum = ibcs2_to_bsd_sig[_SIG_IDX(uap->signo)];
-	return kern_kill(td, &ka, 0);
+	return kill(td, &ka);
 }
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index d989ab3f334a..21f277f8a63e 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1427,7 +1427,7 @@ SYSCTL_INT(_security_bsd, OID_AUTO, conservative_signals, CTLFLAG_RW,
  * References: cred and proc must be valid for the lifetime of the call.
  */
 int
-cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic)
+cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
 {
 	int error;
 
@@ -1453,7 +1453,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic)
 	 * bit on the target process.  If the bit is set, then additional
 	 * restrictions are placed on the set of available signals.
 	 */
-	if (conservative_signals && (proc->p_flag & P_SUGID) && pedantic) {
+	if (conservative_signals && (proc->p_flag & P_SUGID)) {
 		switch (signum) {
 		case 0:
 		case SIGKILL:
@@ -1467,6 +1467,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic)
 		case SIGHUP:
 		case SIGUSR1:
 		case SIGUSR2:
+		case SIGTHR:
 			/*
 			 * Generally, permit job and terminal control
 			 * signals.
@@ -1507,7 +1508,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic)
  * References: td and p must be valid for the lifetime of the call
  */
 int
-p_cansignal(struct thread *td, struct proc *p, int signum, int pedantic)
+p_cansignal(struct thread *td, struct proc *p, int signum)
 {
 
 	KASSERT(td == curthread, ("%s: td not curthread", __func__));
@@ -1524,7 +1525,7 @@ p_cansignal(struct thread *td, struct proc *p, int signum, int pedantic)
 	if (signum == SIGCONT && td->td_proc->p_session == p->p_session)
 		return (0);
 
-	return (cr_cansignal(td->td_ucred, p, signum, pedantic));
+	return (cr_cansignal(td->td_ucred, p, signum));
 }
 
 /*-
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 097480105e85..2889adb7174b 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -82,8 +82,7 @@ __FBSDID("$FreeBSD$");
 
 static int	coredump(struct thread *);
 static char	*expand_name(const char *, uid_t, pid_t);
-static int	killpg1(struct thread *td, int sig, int pgid, int all,
-		        int pedantic);
+static int	killpg1(struct thread *td, int sig, int pgid, int all);
 static int	issignal(struct thread *p);
 static int	sigprop(int sig);
 static void	stop(struct proc *);
@@ -1300,9 +1299,9 @@ kern_sigaltstack(struct thread *td, stack_t *ss, stack_t *oss)
  * cp is calling process.
  */
 static int
-killpg1(td, sig, pgid, all, pedantic)
+killpg1(td, sig, pgid, all)
 	register struct thread *td;
-	int sig, pgid, all, pedantic;
+	int sig, pgid, all;
 {
 	register struct proc *p;
 	struct pgrp *pgrp;
@@ -1320,7 +1319,7 @@ killpg1(td, sig, pgid, all, pedantic)
 				PROC_UNLOCK(p);
 				continue;
 			}
-			if (p_cansignal(td, p, sig, pedantic) == 0) {
+			if (p_cansignal(td, p, sig) == 0) {
 				nfound++;
 				if (sig)
 					psignal(p, sig);
@@ -1345,12 +1344,12 @@ killpg1(td, sig, pgid, all, pedantic)
 		}
 		sx_sunlock(&proctree_lock);
 		LIST_FOREACH(p, &pgrp->pg_members, p_pglist) {
-			PROC_LOCK(p);
+			PROC_LOCK(p);	      
 			if (p->p_pid <= 1 || p->p_flag & P_SYSTEM) {
 				PROC_UNLOCK(p);
 				continue;
 			}
-			if (p_cansignal(td, p, sig, pedantic) == 0) {
+			if (p_cansignal(td, p, sig) == 0) {
 				nfound++;
 				if (sig)
 					psignal(p, sig);
@@ -1377,16 +1376,6 @@ kill(td, uap)
 	register struct thread *td;
 	register struct kill_args *uap;
 {
-
-	return kern_kill(td, uap, 1);
-}
-
-int
-kern_kill(td, uap, pedantic)
-	struct thread *td;
-	struct kill_args *uap;
-	int pedantic;
-{
 	register struct proc *p;
 	int error;
 
@@ -1399,7 +1388,7 @@ kern_kill(td, uap, pedantic)
 			if ((p = zpfind(uap->pid)) == NULL)
 				return (ESRCH);
 		}
-		error = p_cansignal(td, p, uap->signum, pedantic);
+		error = p_cansignal(td, p, uap->signum);
 		if (error == 0 && uap->signum)
 			psignal(p, uap->signum);
 		PROC_UNLOCK(p);
@@ -1407,11 +1396,11 @@ kern_kill(td, uap, pedantic)
 	}
 	switch (uap->pid) {
 	case -1:		/* broadcast signal */
-		return (killpg1(td, uap->signum, 0, 1, pedantic));
+		return (killpg1(td, uap->signum, 0, 1));
 	case 0:			/* signal own process group */
-		return (killpg1(td, uap->signum, 0, 0, pedantic));
+		return (killpg1(td, uap->signum, 0, 0));
 	default:		/* negative explicit process group */
-		return (killpg1(td, uap->signum, -uap->pid, 0, pedantic));
+		return (killpg1(td, uap->signum, -uap->pid, 0));
 	}
 	/* NOTREACHED */
 }
@@ -1435,7 +1424,7 @@ okillpg(td, uap)
 
 	if ((u_int)uap->signum > _SIG_MAXSIG)
 		return (EINVAL);
-	return (killpg1(td, uap->signum, uap->pgid, 0, 1));
+	return (killpg1(td, uap->signum, uap->pgid, 0));
 }
 #endif /* COMPAT_43 */
 
diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index cda4ccfa8f42..52b47efe4a2e 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@ -831,8 +831,7 @@ struct	proc *zpfind(pid_t);		/* Find zombie process by id. */
 void	adjustrunqueue(struct thread *, int newpri);
 void	ast(struct trapframe *framep);
 struct	thread *choosethread(void);
-int	cr_cansignal(struct ucred *cred, struct proc *proc, int signum,
-	    int pedantic);
+int	cr_cansignal(struct ucred *cred, struct proc *proc, int signum);
 int	enterpgrp(struct proc *p, pid_t pgid, struct pgrp *pgrp,
 	    struct session *sess);
 int	enterthispgrp(struct proc *p, struct pgrp *pgrp);
@@ -849,8 +848,7 @@ void	mi_switch(int flags, struct thread *newtd);
 int	p_candebug(struct thread *td, struct proc *p);
 int	p_cansee(struct thread *td, struct proc *p);
 int	p_cansched(struct thread *td, struct proc *p);
-int	p_cansignal(struct thread *td, struct proc *p, int signum,
-	    int pedantic);
+int	p_cansignal(struct thread *td, struct proc *p, int signum);
 struct	pargs *pargs_alloc(int len);
 void	pargs_drop(struct pargs *pa);
 void	pargs_free(struct pargs *pa);
diff --git a/sys/sys/syscallsubr.h b/sys/sys/syscallsubr.h
index 04f007c00ea9..a996ba718066 100644
--- a/sys/sys/syscallsubr.h
+++ b/sys/sys/syscallsubr.h
@@ -42,7 +42,6 @@ struct msqid_ds;
 struct rlimit;
 struct rusage;
 struct sockaddr;
-struct kill_args;
 struct stat;
 
 int	kern___getcwd(struct thread *td, u_char *buf, enum uio_seg bufseg,
@@ -70,7 +69,6 @@ int	kern_getitimer(struct thread *, u_int, struct itimerval *);
 int	kern_getrusage(struct thread *td, int who, struct rusage *rup);
 int	kern_getsockopt(struct thread *td, int s, int level, int name,
 	    void *optval, enum uio_seg valseg, socklen_t *valsize);
-int	kern_kill(struct thread *, struct kill_args *, int);
 int	kern_lchown(struct thread *td, char *path, enum uio_seg pathseg,
 	    int uid, int gid);
 int	kern_link(struct thread *td, char *path, char *link,