d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Teach SIGIO code to use cr_cansignal() instead of a custom CANSIGIO()

Browse Source 
macro.  As a result, mandatory signal delivery policies will be
  applied consistently across the kernel.

- Note that this subtly changes the protection semantics, and we should
  watch out for any resulting breakage.  Previously, delivery of SIGIO
  in this circumstance was limited to situations where the subject was
  privileged, or where one of the subject's (ruid, euid) matched one
  of the object's (ruid, euid).  In the new scenario, subject (ruid, euid)
  are matched against the object's (ruid, svuid), and the object uid's
  must be a subset of the subject uid's.  Likewise, jail now affects
  delivery, and special handling for P_SUGID of the object is present.
  This change can always be reversed or tweaked if it proves to disrupt
  application behavior substantially.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
This commit is contained in:
Robert Watson 2002-01-06 00:54:46 +00:00
parent c83f8015fa
commit f8efde8991
1 changed files with 3 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
sys/kern/kern_sig.c
View File

@ -97,17 +97,6 @@ SYSCTL_INT(_kern, KERN_LOGSIGEXIT, logsigexit, CTLFLAG_RW,
&kern_logsigexit, 0,
"Log processes quitting on abnormal signals to syslog(3)");
/*
* Policy -- Can ucred cr1 send SIGIO to process cr2?
* XXX: should use suser(), p_cansignal().
*/
#define CANSIGIO(cr1, cr2) \
((cr1)->cr_uid == 0 || \
(cr1)->cr_ruid == (cr2)->cr_ruid || \
(cr1)->cr_uid == (cr2)->cr_ruid || \
(cr1)->cr_ruid == (cr2)->cr_uid || \
(cr1)->cr_uid == (cr2)->cr_uid)
int sugid_coredump;
SYSCTL_INT(_kern, OID_AUTO, sugid_coredump, CTLFLAG_RW,
&sugid_coredump, 0, "Enable coredumping set user/group ID processes");
@ -2075,7 +2064,8 @@ pgsigio(sigio, sig, checkctty)
if (sigio->sio_pgid > 0) {
PROC_LOCK(sigio->sio_proc);
if (CANSIGIO(sigio->sio_ucred, sigio->sio_proc->p_ucred))
if (cr_cansignal(sigio->sio_ucred, sigio->sio_proc, sig)
== 0)
psignal(sigio->sio_proc, sig);
PROC_UNLOCK(sigio->sio_proc);
} else if (sigio->sio_pgid < 0) {
@ -2083,7 +2073,7 @@ pgsigio(sigio, sig, checkctty)
LIST_FOREACH(p, &sigio->sio_pgrp->pg_members, p_pglist) {
PROC_LOCK(p);
if (CANSIGIO(sigio->sio_ucred, p->p_ucred) &&
if ((cr_cansignal(sigio->sio_ucred, p, sig) == 0) &&
(checkctty == 0 || (p->p_flag & P_CONTROLT)))
psignal(p, sig);
PROC_UNLOCK(p);