Re: Kill system call

Andries.Brouwer@cwi.nl
Fri, 22 Mar 1996 13:24:30 +0100


Linus Torvalds:

: Is it broken? It would be reasonably easy to fix, but do we really want to?

I think so, yes. (To both questions.)
However, the discussion has moved a bit from the original question,
from something that was broken to something that is quite acceptable.
The question was: Which permissions are required to send a signal?

Before version 1.2.3 the Linux code was much closer to the POSIX.1
specifications. Patch-1.2.3 contains the change

diff -u --recursive --new-file v1.2.2/linux/kernel/exit.c linux/kernel/exit.c
--- v1.2.2/linux/kernel/exit.c Thu Mar 9 20:37:36 1995
+++ linux/kernel/exit.c Thu Mar 30 15:54:00 1995
@@ -47,7 +47,7 @@
if (!p || sig > 32)
return -EINVAL;
if (!priv && ((sig != SIGCONT) || (current->session != p->session)) &&
- (current->euid != p->euid) && (current->uid != p->uid) && !suser())
+ (current->euid != p->euid) && (current->euid != p->uid) && !suser())
return -EPERM;
if (!sig)
return 0;
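
Review bot: the `+` line replaces `current->uid != p->uid` with `current->euid != p->uid`, which removes the sender's real uid from the test altogether, and nothing in the hunk says which rule is intended. After this change a sender whose real uid equals `p->uid`, but whose effective uid matches neither `p->euid` nor `p->uid`, falls through to `-EPERM` unless `suser()` succeeds. A comment above the condition listing the id pairs meant to grant permission would make the intent reviewable. The four chained `!=` tests would also read more easily as a small helper returning "may signal".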

and I think this was not an improvement.
(Of course there are security implications, but I consider POSIX conformance
more important - user programs can be fixed. Probably this means that a suid
program must do setuid() if it does not want to be interrupted by a SIGKILL or so.)

I might submit a patch, but only possess POSIX.1-1990. I hope someone
will speak up if later versions of the standard have changed the rules.

Andries
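
The uid clause of the check before and after patch-1.2.3, as an added example that is not part of the original message or of the kernel source. It models only the two uid comparisons from the hunk (the `priv`, SIGCONT/session and `suser()` terms are left out); the struct, the function names and the uid values are constructed for illustration.

```c
#include <stdio.h>

/* Only the two ids the hunk compares; names follow the hunk's fields. */
struct ids { int uid, euid; };

/* uid clause of the v1.2.2 check ('-' line): nonzero means no -EPERM. */
static int allowed_v122(struct ids cur, struct ids p)
{
    return cur.euid == p.euid || cur.uid == p.uid;
}

/* uid clause of the 1.2.3 check ('+' line). */
static int allowed_v123(struct ids cur, struct ids p)
{
    return cur.euid == p.euid || cur.euid == p.uid;
}

/* Enumerate every sender/target combination over a small constructed id
 * set and count the cases each version allows that the other refuses. */
static void count_differences(int *only_v122, int *only_v123)
{
    static const int id[] = { 1000, 2000, 3000 };   /* constructed uids */
    *only_v122 = *only_v123 = 0;
    for (int a = 0; a < 3; a++)
     for (int b = 0; b < 3; b++)
      for (int c = 0; c < 3; c++)
       for (int d = 0; d < 3; d++) {
           struct ids cur = { id[a], id[b] }, p = { id[c], id[d] };
           int o = allowed_v122(cur, p), n = allowed_v123(cur, p);
           *only_v122 += (o && !n);
           *only_v123 += (n && !o);
       }
}

int main(void)
{
    struct ids suid_sender = { 1000, 2000 };  /* real 1000, effective 2000 */
    struct ids plain_target = { 1000, 1000 };
    int a, b;
    count_differences(&a, &b);
    printf("real-uid match only: v1.2.2=%d 1.2.3=%d\n",
           allowed_v122(suid_sender, plain_target),
           allowed_v123(suid_sender, plain_target));
    printf("allowed only by v1.2.2: %d, only by 1.2.3: %d (of 81)\n", a, b);
    return 0;
}
```

The two versions disagree only when the sender's real and effective uids differ, that is, when the sender itself runs set-uid.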