diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1997-08-31 20:42:33 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1997-08-31 20:42:33 +0000 |
| commit | a92a8621636869003cc7fada3282dabf8e2908d8 (patch) | |
| tree | 021ef70139e06dead02f634e58755fca23983d72 /sys/kern/kern_sig.c | |
| parent | 05848e415adc11c00256a98bcdc331082dfef00a (diff) | |
for non-tty TIOCSPGRP/F_SETOWN/FIOSETOWN pgid setting calls, store uid
and euid as well, then deliver them using new csignal() interface
which ensures that pgid setting process is permitted to signal the
pgid process(es). Thanks to newsham@aloha.net for extensive help and
discussion.
Diffstat (limited to 'sys/kern/kern_sig.c')
| -rw-r--r-- | sys/kern/kern_sig.c | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 4aa5bd87f1d..298f3caace6 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sig.c,v 1.16 1997/02/01 21:49:41 deraadt Exp $ */ +/* $OpenBSD: kern_sig.c,v 1.17 1997/08/31 20:42:18 deraadt Exp $ */ /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */ /* @@ -483,6 +483,46 @@ killpg1(cp, signum, pgid, all) return (nfound ? 0 : ESRCH); } +#define CANDELIVER(uid, euid, p) \ + (euid == 0 || \ + (uid) == (p)->p_cred->p_ruid || \ + (uid) == (p)->p_cred->p_svuid || \ + (uid) == (p)->p_ucred->cr_uid || \ + (euid) == (p)->p_cred->p_ruid || \ + (euid) == (p)->p_cred->p_svuid || \ + (euid) == (p)->p_ucred->cr_uid) + +/* + * Deliver signum to pgid, but first check uid/euid against each + * process and see if it is permitted. + */ +void +csignal(pgid, signum, uid, euid) + pid_t pgid; + int signum; + uid_t uid, euid; +{ + struct pgrp *pgrp; + struct proc *p; + + if (pgid == 0) + return; + if (pgid < 0) { + pgid = -pgid; + if ((pgrp = pgfind(pgid)) == NULL) + return; + for (p = pgrp->pg_members.lh_first; p; + p = p->p_pglist.le_next) + if (CANDELIVER(uid, euid, p)) + psignal(p, signum); + } else { + if ((p = pfind(pgid)) == NULL) + return; + if (CANDELIVER(uid, euid, p)) + psignal(p, signum); + } +} + /* * Send a signal to a process group. */ |