[PATCH 09/26] signal: Don't allow sending SIGKILL or SIGSTOP to init

From: Eric W. Biederman
Date: Tue Jun 06 2017 - 15:12:30 EST

Next message: Eric W. Biederman: "[PATCH 10/26] ptrace: Simplify ptrace_detach & exit_ptrace"
Previous message: Eric W. Biederman: "[PATCH 07/26] pidns: Improve the error handling in alloc_pid"
In reply to: Eric W. Biederman: "[PATCH 07/26] pidns: Improve the error handling in alloc_pid"
Next in thread: Eric W. Biederman: "[PATCH 10/26] ptrace: Simplify ptrace_detach & exit_ptrace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Even to init SIGKILL and SIGSTOP are alwasys delivered if they are
sent, so don't allow tracing an init task allow them.

Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
---
kernel/signal.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/kernel/signal.c b/kernel/signal.c
index 5eff2f9f8c42..627b482fa3f8 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -98,8 +98,12 @@ static int sig_ignored(struct task_struct *t, int sig, bool force)

/*
* Tracers may want to know about even ignored signals.
+ * We can never safely allow SIGKILL or SIGSTOP to
+ * be sent to init from it's children.
*/
- return !t->ptrace;
+ return !t->ptrace ||
+ ((t->signal->flags & SIGNAL_UNKILLABLE) &&
+ sig_kernel_only(sig) && !force);
}

/*
--
2.10.1

Next message: Eric W. Biederman: "[PATCH 10/26] ptrace: Simplify ptrace_detach & exit_ptrace"
Previous message: Eric W. Biederman: "[PATCH 07/26] pidns: Improve the error handling in alloc_pid"
In reply to: Eric W. Biederman: "[PATCH 07/26] pidns: Improve the error handling in alloc_pid"
Next in thread: Eric W. Biederman: "[PATCH 10/26] ptrace: Simplify ptrace_detach & exit_ptrace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]