Re: PATCH: signals security

Alan Cox (alan@lxorguk.ukuu.org.uk)
Wed, 20 May 1998 13:23:11 +0100 (BST)


> > Catastrophe. I can no longer kill processes I created that happened to be
> > setuid. Please _THINK_ what you are trying to achieve, and understand why
> > the existing Unix decisions were made. There are 20 years of common sense
> > behind them.
>
> Ok - what I'm trying to achieve is that a user will no longer be able to
> kill the suid X server with SIGKILL. Please take a look at the code: you still

SIGKILL is unblockable in Unix. There is a lot of logic to that. X can choose
to become totally setuid if it wishes. The ongoing fbcon/KGI work fixes
this problem the right way.

> are able to send a few signals (those generated from the
> keyboard). Alternatively, we might want to defend against SIGKILL only
> - everything else may be caught...

SIGKILL should never ever be blocked. It's the 'get out of mess' button.

> > Your code also appears to have broken signal delivery to processes that
> > are setuid and depend on it (such as rlogind).
>
> What signals need to be delivered to rlogind?

SIGURG, and maybe SIGIO

Alan
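
Added example, not part of the original message or of any kernel patch: a C program that checks the "SIGKILL is unblockable" behaviour discussed above from user space on a POSIX system. The function names are hypothetical and chosen here for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* errno from an attempt to ignore SIGKILL; 0 would mean the kernel accepted it. */
int try_ignore_sigkill(void) {
    struct sigaction sa = {0};
    sa.sa_handler = SIG_IGN;
    return sigaction(SIGKILL, &sa, NULL) == -1 ? errno : 0;
}

/* 1 if SIGKILL ends up in the signal mask after asking to block every signal. */
int sigkill_in_mask_after_block_all(void) {
    sigset_t all, old, cur;
    sigfillset(&all);
    sigprocmask(SIG_SETMASK, &all, &old);   /* the request itself succeeds ... */
    sigprocmask(SIG_SETMASK, NULL, &cur);   /* ... so read back what was applied */
    sigprocmask(SIG_SETMASK, &old, NULL);   /* restore the caller's mask */
    return sigismember(&cur, SIGKILL);
}

/* Child blocks everything, reports ready, waits; returns the signal that ended it. */
int kill_child_that_blocks_everything(void) {
    int fds[2], status = 0;
    char ready = 0;
    sigset_t all; pid_t pid;
    if (pipe(fds) == -1) return -1;
    if ((pid = fork()) == -1) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        sigfillset(&all);
        sigprocmask(SIG_SETMASK, &all, NULL);
        if (write(fds[1], "r", 1) != 1) _exit(1);
        for (;;) pause();                   /* only an unblockable signal ends this */
    }
    close(fds[1]);
    if (read(fds[0], &ready, 1) != 1) ready = 0;  /* wait until the mask is set */
    close(fds[0]);
    kill(pid, SIGKILL);
    if (waitpid(pid, &status, 0) != pid) return -1;
    return (ready && WIFSIGNALED(status)) ? WTERMSIG(status) : -1;
}

int main(void) {
    printf("sigaction errno=%d, SIGKILL in mask=%d, child ended by signal %d\n",
           try_ignore_sigkill(), sigkill_in_mask_after_block_all(),
           kill_child_that_blocks_everything());
    return 0;
}
```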
