Autzoo.1055
net.v7bugs
utzoo!henry
Sun Oct 25 00:49:57 1981
signals vs uids
Standard V7 lets signals through to a process only if the effective uid
matches.  Problem:  one sometimes needs to kill a setuid process one
has started.  No way.  There are two relevant considerations:

1. Clearly, if you start it, you should be able to stop it.

2. Equally clearly, one reason a setuid program goes setuid is to diddle
       a privileged database.  Killing passwd(1) in the middle of an
       update to /etc/passwd is a poor idea.

Consideration #2 means you cannot just test both real and effective uids.
Privileged updates can get arbitrarily complex, and there is no general
way for the kernel to tell whether a process is doing one.

Proposal:  a signal is transmitted if the effective uids match, or if the
real uids match AND THE SIGNAL IS BEING CAUGHT.  This solves the problem
by letting signals through to setuid processes only if the process is
explicitly prepared for them.  Comments?
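The three rules discussed above, modelled side by side in C. This is an added example and not part of the original post or of V7's source; the struct, the function names and the sample uids are hypothetical, "uids match" is read as sender against target, and superuser handling is left out.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model for illustration; not V7's struct proc or kill() code. */
enum { SIG_INT = 2, SIG_KILL = 9, NSIG_MODEL = 16 };
enum disp { DISP_DEFAULT, DISP_IGNORE, DISP_CATCH };

struct proc_model {
    int ruid, euid;              /* real and effective uid */
    enum disp sig[NSIG_MODEL];   /* per-signal disposition, zero = default */
};

/* Constructed samples: uid 100 starts a setuid-root program. */
const struct proc_model user     = { .ruid = 100, .euid = 100 };
const struct proc_model stranger = { .ruid = 200, .euid = 200 };
const struct proc_model updater  = { .ruid = 100, .euid = 0 };  /* no handlers */
const struct proc_model prepared = { .ruid = 100, .euid = 0,
                                     .sig = { [SIG_INT] = DISP_CATCH } };

/* Standard V7 as the post describes it: effective uids must match. */
bool v7_may_signal(const struct proc_model *s, const struct proc_model *t)
{
    return s->euid == t->euid;
}

/* The alternative ruled out by consideration #2: real OR effective match. */
bool either_uid_may_signal(const struct proc_model *s, const struct proc_model *t)
{
    return s->euid == t->euid || s->ruid == t->ruid;
}

/* The proposal: effective match, or real match AND the signal is caught. */
bool proposed_may_signal(const struct proc_model *s, const struct proc_model *t, int signo)
{
    if (signo <= 0 || signo >= NSIG_MODEL)
        return false;
    if (s->euid == t->euid)
        return true;
    return s->ruid == t->ruid && t->sig[signo] == DISP_CATCH;
}

int main(void)
{
    printf("updater:  v7=%d either=%d proposed=%d\n", v7_may_signal(&user, &updater),
           either_uid_may_signal(&user, &updater), proposed_may_signal(&user, &updater, SIG_INT));
    printf("prepared: INT=%d KILL=%d stranger=%d\n", proposed_may_signal(&user, &prepared, SIG_INT),
           proposed_may_signal(&user, &prepared, SIG_KILL), proposed_may_signal(&stranger, &prepared, SIG_INT));
    return 0;
}
```

Because SIGKILL cannot be caught, the modelled proposal never delivers it on a real-uid match alone; only signals the setuid process has installed a handler for get through.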

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.