[src/trunk]: src/sys Put signal delivery policy back in the subsystem.
details: https://anonhg.NetBSD.org/src/rev/50cb6fc70780
branches: trunk
changeset: 747833:50cb6fc70780
user: elad <elad%NetBSD.org@localhost>
date: Fri Oct 02 23:24:15 2009 +0000
description:
Put signal delivery policy back in the subsystem.
diffstat:
sys/kern/kern_sig.c | 30 ++++++++++++++++++++++++++++--
sys/secmodel/suser/secmodel_suser.c | 15 +++++----------
2 files changed, 33 insertions(+), 12 deletions(-)
diffs (96 lines):
diff -r ae5cf5dfcd8d -r 50cb6fc70780 sys/kern/kern_sig.c
--- a/sys/kern/kern_sig.c Fri Oct 02 23:18:12 2009 +0000
+++ b/sys/kern/kern_sig.c Fri Oct 02 23:24:15 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_sig.c,v 1.298 2009/05/24 21:41:26 ad Exp $ */
+/* $NetBSD: kern_sig.c,v 1.299 2009/10/02 23:24:15 elad Exp $ */
/*-
* Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -66,7 +66,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.298 2009/05/24 21:41:26 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.299 2009/10/02 23:24:15 elad Exp $");
#include "opt_ptrace.h"
#include "opt_compat_sunos.h"
@@ -140,6 +140,29 @@
static const char lognocoredump[] =
"pid %d (%s), uid %d: exited on signal %d (core not dumped, err = %d)\n";
+static kauth_listener_t signal_listener;
+
+static int
+signal_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+ void *arg0, void *arg1, void *arg2, void *arg3)
+{
+ struct proc *p;
+ int result, signum;
+
+ result = KAUTH_RESULT_DEFER;
+ p = arg0;
+ signum = (int)(unsigned long)arg1;
+
+ if (action != KAUTH_PROCESS_SIGNAL)
+ return result;
+
+ if (kauth_cred_uidmatch(cred, p->p_cred) ||
+ (signum == SIGCONT && (curproc->p_session == p->p_session)))
+ result = KAUTH_RESULT_ALLOW;
+
+ return result;
+}
+
/*
* signal_init:
*
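Review bot: signal_listener_cb has no comment stating the policy it enforces, which matters more now that the rule lives in kern_sig.c and is registered regardless of which security model is loaded. As I understand kauth(9), an ALLOW from any listener stands unless another listener returns DENY, so a model that wants stricter signalling than uid-match or same-session SIGCONT has to deny explicitly rather than defer. I would put that in a block comment above the function, e.g. `/* Baseline policy: allow on uid match, or SIGCONT within the caller's session; secmodels must DENY to restrict further. */`. The session test reads `curproc` rather than anything derived from `cred`, as the removed secmodel code also did, so a one-line comment that the callback assumes it runs in the sender's context would help.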
@@ -165,6 +188,9 @@
callout_init(&proc_stop_ch, CALLOUT_MPSAFE);
callout_setfunc(&proc_stop_ch, proc_stop_callout, NULL);
+
+ signal_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+ signal_listener_cb, NULL);
}
/*
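Review bot: The handle returned by kauth_listen_scope() is stored in `signal_listener` but never checked, so a failed registration would go unnoticed. If the process scope were not yet registered when signal_init() runs (the init ordering is not visible in this hunk), the uid-match and SIGCONT rules would silently never be consulted and non-root signal delivery would depend on whatever other listeners decide. A `KASSERT(signal_listener != NULL);` right after the call would make the ordering dependency explicit. signal_init()'s body starts outside the hunk.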
diff -r ae5cf5dfcd8d -r 50cb6fc70780 sys/secmodel/suser/secmodel_suser.c
--- a/sys/secmodel/suser/secmodel_suser.c Fri Oct 02 23:18:12 2009 +0000
+++ b/sys/secmodel/suser/secmodel_suser.c Fri Oct 02 23:24:15 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.11 2009/10/02 23:18:12 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.12 2009/10/02 23:24:15 elad Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
* All rights reserved.
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.11 2009/10/02 23:18:12 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.12 2009/10/02 23:24:15 elad Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -513,16 +513,11 @@
p = arg0;
switch (action) {
- case KAUTH_PROCESS_SIGNAL: {
- int signum;
-
- signum = (int)(unsigned long)arg1;
+ case KAUTH_PROCESS_SIGNAL:
+ if (isroot)
+ result = KAUTH_RESULT_ALLOW;
- if (isroot || kauth_cred_uidmatch(cred, p->p_cred) ||
- (signum == SIGCONT && (curproc->p_session == p->p_session)))
- result = KAUTH_RESULT_ALLOW;
break;
- }
case KAUTH_PROCESS_CANSEE: {
unsigned long req;
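Review bot: The KAUTH_PROCESS_SIGNAL case now allows only root, and nothing at this site says where the non-root rules went. A comment above `if (isroot)` such as `/* uid-match and same-session SIGCONT are handled by the listener in kern_sig.c */` would stop someone auditing this secmodel from concluding that unprivileged signalling is denied. The enclosing function starts and ends outside the hunk.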