Author: pjd
Date: Tue Nov 27 10:22:40 2012
New Revision: 243610
URL: http://svnweb.freebsd.org/changeset/base/243610

Log:
  Allow kill(2) to be used in capability mode, but a process can send a signal
  only to itself. For example, abort(3) at first tries to do
  kill(getpid(), SIGABRT), which was failing in capability mode, so the code
  was falling back to exit(1).
  
  Reviewed by:  rwatson
  Obtained from:        WHEEL Systems
  MFC after:    2 weeks

Modified:
  head/sys/kern/capabilities.conf
  head/sys/kern/kern_sig.c

Modified: head/sys/kern/capabilities.conf
==============================================================================
--- head/sys/kern/capabilities.conf     Tue Nov 27 10:16:48 2012        
(r243609)
+++ head/sys/kern/capabilities.conf     Tue Nov 27 10:22:40 2012        
(r243610)
@@ -337,6 +337,11 @@ issetugid
 kevent
 
 ##
+## Allow kill(2), as we allow the process to send signals only to himself.
+##
+kill
+
+##
 ## Allow message queue operations on file descriptors, subject to capability
 ## rights.
 ##

Modified: head/sys/kern/kern_sig.c
==============================================================================
--- head/sys/kern/kern_sig.c    Tue Nov 27 10:16:48 2012        (r243609)
+++ head/sys/kern/kern_sig.c    Tue Nov 27 10:22:40 2012        (r243610)
@@ -1679,6 +1679,14 @@ sys_kill(struct thread *td, struct kill_
        struct proc *p;
        int error;
 
+       /*
+        * A process in capability mode can send signals only to himself.
+        * The main rationale behind this is that abort(3) is implemented as
+        * kill(getpid(), SIGABRT).
+        */
+       if (IN_CAPABILITY_MODE(td) && uap->pid != td->td_proc->p_pid)
+               return (ECAPMODE);
+
        AUDIT_ARG_SIGNUM(uap->signum);
        AUDIT_ARG_PID(uap->pid);
        if ((u_int)uap->signum > _SIG_MAXSIG)
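
Review bot: The capability-mode check at the top of sys_kill() returns ECAPMODE before AUDIT_ARG_SIGNUM(uap->signum) and AUDIT_ARG_PID(uap->pid) run, so a denied attempt by a sandboxed process to signal another process is rejected without its target pid and signal number being recorded through these macros. Suggest moving the check below the two AUDIT_ARG_* calls so that rejected calls carry their arguments. The comment could also say that comparing uap->pid with td->td_proc->p_pid rejects the zero and negative pid forms of kill(2) (process group and broadcast) too, since that follows from the check but is not stated.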