Backout previous change (disabling of security checks for signals delivered
in emulation layers), since it appears to be too broad. Requested by: rwatson
This commit is contained in:
sobomax
parent
29d152dbfd
commit
52ae2ac0b9
@ -445,7 +445,7 @@ osf1_kill(td, uap)
|
||||
|
||||
ka.pid = uap->pid;
|
||||
ka.signum = uap->signum;
|
||||
return kern_kill(td, &ka, 0);
|
||||
return kill(td, &ka);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -27,7 +27,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__FBSDID("$FreeBSD$");
|
||||
__FBSDID("$FreeBSD$")
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
@ -435,5 +435,5 @@ linux_kill(struct thread *td, struct linux_kill_args *args)
|
||||
tmp.signum = args->signum;
|
||||
|
||||
tmp.pid = args->pid;
|
||||
return (kern_kill(td, &tmp, 0));
|
||||
return (kill(td, &tmp));
|
||||
}
|
||||
|
||||
@ -521,7 +521,7 @@ svr4_sys_kill(td, uap)
|
||||
return (EINVAL);
|
||||
ka.pid = uap->pid;
|
||||
ka.signum = SVR4_SVR42BSD_SIG(uap->signum);
|
||||
return kern_kill(td, &ka, 0);
|
||||
return kill(td, &ka);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -437,5 +437,5 @@ ibcs2_kill(td, uap)
|
||||
return (EINVAL);
|
||||
ka.pid = uap->pid;
|
||||
ka.signum = ibcs2_to_bsd_sig[_SIG_IDX(uap->signo)];
|
||||
return kern_kill(td, &ka, 0);
|
||||
return kill(td, &ka);
|
||||
}
|
||||
|
||||
@ -1427,7 +1427,7 @@ SYSCTL_INT(_security_bsd, OID_AUTO, conservative_signals, CTLFLAG_RW,
|
||||
* References: cred and proc must be valid for the lifetime of the call.
|
||||
*/
|
||||
int
|
||||
cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic)
|
||||
cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -1453,7 +1453,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic)
|
||||
* bit on the target process. If the bit is set, then additional
|
||||
* restrictions are placed on the set of available signals.
|
||||
*/
|
||||
if (conservative_signals && (proc->p_flag & P_SUGID) && pedantic) {
|
||||
if (conservative_signals && (proc->p_flag & P_SUGID)) {
|
||||
switch (signum) {
|
||||
case 0:
|
||||
case SIGKILL:
|
||||
@ -1467,6 +1467,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic)
|
||||
case SIGHUP:
|
||||
case SIGUSR1:
|
||||
case SIGUSR2:
|
||||
case SIGTHR:
|
||||
/*
|
||||
* Generally, permit job and terminal control
|
||||
* signals.
|
||||
@ -1507,7 +1508,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum, int pedantic)
|
||||
* References: td and p must be valid for the lifetime of the call
|
||||
*/
|
||||
int
|
||||
p_cansignal(struct thread *td, struct proc *p, int signum, int pedantic)
|
||||
p_cansignal(struct thread *td, struct proc *p, int signum)
|
||||
{
|
||||
|
||||
KASSERT(td == curthread, ("%s: td not curthread", __func__));
|
||||
@ -1524,7 +1525,7 @@ p_cansignal(struct thread *td, struct proc *p, int signum, int pedantic)
|
||||
if (signum == SIGCONT && td->td_proc->p_session == p->p_session)
|
||||
return (0);
|
||||
|
||||
return (cr_cansignal(td->td_ucred, p, signum, pedantic));
|
||||
return (cr_cansignal(td->td_ucred, p, signum));
|
||||
}
|
||||
|
||||
/*-
|
||||
|
||||
@ -82,8 +82,7 @@ __FBSDID("$FreeBSD$");
|
||||
|
||||
static int coredump(struct thread *);
|
||||
static char *expand_name(const char *, uid_t, pid_t);
|
||||
static int killpg1(struct thread *td, int sig, int pgid, int all,
|
||||
int pedantic);
|
||||
static int killpg1(struct thread *td, int sig, int pgid, int all);
|
||||
static int issignal(struct thread *p);
|
||||
static int sigprop(int sig);
|
||||
static void stop(struct proc *);
|
||||
@ -1300,9 +1299,9 @@ kern_sigaltstack(struct thread *td, stack_t *ss, stack_t *oss)
|
||||
* cp is calling process.
|
||||
*/
|
||||
static int
|
||||
killpg1(td, sig, pgid, all, pedantic)
|
||||
killpg1(td, sig, pgid, all)
|
||||
register struct thread *td;
|
||||
int sig, pgid, all, pedantic;
|
||||
int sig, pgid, all;
|
||||
{
|
||||
register struct proc *p;
|
||||
struct pgrp *pgrp;
|
||||
@ -1320,7 +1319,7 @@ killpg1(td, sig, pgid, all, pedantic)
|
||||
PROC_UNLOCK(p);
|
||||
continue;
|
||||
}
|
||||
if (p_cansignal(td, p, sig, pedantic) == 0) {
|
||||
if (p_cansignal(td, p, sig) == 0) {
|
||||
nfound++;
|
||||
if (sig)
|
||||
psignal(p, sig);
|
||||
@ -1350,7 +1349,7 @@ killpg1(td, sig, pgid, all, pedantic)
|
||||
PROC_UNLOCK(p);
|
||||
continue;
|
||||
}
|
||||
if (p_cansignal(td, p, sig, pedantic) == 0) {
|
||||
if (p_cansignal(td, p, sig) == 0) {
|
||||
nfound++;
|
||||
if (sig)
|
||||
psignal(p, sig);
|
||||
@ -1377,16 +1376,6 @@ kill(td, uap)
|
||||
register struct thread *td;
|
||||
register struct kill_args *uap;
|
||||
{
|
||||
|
||||
return kern_kill(td, uap, 1);
|
||||
}
|
||||
|
||||
int
|
||||
kern_kill(td, uap, pedantic)
|
||||
struct thread *td;
|
||||
struct kill_args *uap;
|
||||
int pedantic;
|
||||
{
|
||||
register struct proc *p;
|
||||
int error;
|
||||
|
||||
@ -1399,7 +1388,7 @@ kern_kill(td, uap, pedantic)
|
||||
if ((p = zpfind(uap->pid)) == NULL)
|
||||
return (ESRCH);
|
||||
}
|
||||
error = p_cansignal(td, p, uap->signum, pedantic);
|
||||
error = p_cansignal(td, p, uap->signum);
|
||||
if (error == 0 && uap->signum)
|
||||
psignal(p, uap->signum);
|
||||
PROC_UNLOCK(p);
|
||||
@ -1407,11 +1396,11 @@ kern_kill(td, uap, pedantic)
|
||||
}
|
||||
switch (uap->pid) {
|
||||
case -1: /* broadcast signal */
|
||||
return (killpg1(td, uap->signum, 0, 1, pedantic));
|
||||
return (killpg1(td, uap->signum, 0, 1));
|
||||
case 0: /* signal own process group */
|
||||
return (killpg1(td, uap->signum, 0, 0, pedantic));
|
||||
return (killpg1(td, uap->signum, 0, 0));
|
||||
default: /* negative explicit process group */
|
||||
return (killpg1(td, uap->signum, -uap->pid, 0, pedantic));
|
||||
return (killpg1(td, uap->signum, -uap->pid, 0));
|
||||
}
|
||||
/* NOTREACHED */
|
||||
}
|
||||
@ -1435,7 +1424,7 @@ okillpg(td, uap)
|
||||
|
||||
if ((u_int)uap->signum > _SIG_MAXSIG)
|
||||
return (EINVAL);
|
||||
return (killpg1(td, uap->signum, uap->pgid, 0, 1));
|
||||
return (killpg1(td, uap->signum, uap->pgid, 0));
|
||||
}
|
||||
#endif /* COMPAT_43 */
|
||||
|
||||
|
||||
@ -831,8 +831,7 @@ struct proc *zpfind(pid_t); /* Find zombie process by id. */
|
||||
void adjustrunqueue(struct thread *, int newpri);
|
||||
void ast(struct trapframe *framep);
|
||||
struct thread *choosethread(void);
|
||||
int cr_cansignal(struct ucred *cred, struct proc *proc, int signum,
|
||||
int pedantic);
|
||||
int cr_cansignal(struct ucred *cred, struct proc *proc, int signum);
|
||||
int enterpgrp(struct proc *p, pid_t pgid, struct pgrp *pgrp,
|
||||
struct session *sess);
|
||||
int enterthispgrp(struct proc *p, struct pgrp *pgrp);
|
||||
@ -849,8 +848,7 @@ void mi_switch(int flags, struct thread *newtd);
|
||||
int p_candebug(struct thread *td, struct proc *p);
|
||||
int p_cansee(struct thread *td, struct proc *p);
|
||||
int p_cansched(struct thread *td, struct proc *p);
|
||||
int p_cansignal(struct thread *td, struct proc *p, int signum,
|
||||
int pedantic);
|
||||
int p_cansignal(struct thread *td, struct proc *p, int signum);
|
||||
struct pargs *pargs_alloc(int len);
|
||||
void pargs_drop(struct pargs *pa);
|
||||
void pargs_free(struct pargs *pa);
|
||||
|
||||
@ -42,7 +42,6 @@ struct msqid_ds;
|
||||
struct rlimit;
|
||||
struct rusage;
|
||||
struct sockaddr;
|
||||
struct kill_args;
|
||||
struct stat;
|
||||
|
||||
int kern___getcwd(struct thread *td, u_char *buf, enum uio_seg bufseg,
|
||||
@ -70,7 +69,6 @@ int kern_getitimer(struct thread *, u_int, struct itimerval *);
|
||||
int kern_getrusage(struct thread *td, int who, struct rusage *rup);
|
||||
int kern_getsockopt(struct thread *td, int s, int level, int name,
|
||||
void *optval, enum uio_seg valseg, socklen_t *valsize);
|
||||
int kern_kill(struct thread *, struct kill_args *, int);
|
||||
int kern_lchown(struct thread *td, char *path, enum uio_seg pathseg,
|
||||
int uid, int gid);
|
||||
int kern_link(struct thread *td, char *path, char *link,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user