Signal security

Pavel Machek (
Tue, 19 May 1998 22:07:23 +0200


On linux, any user may kill setuid program he ran with any signal. I
think that this is dangerous:

Consider user running passwd, waiting to just right moment, and then
killing passwd with SIGKILL (which it can not block). There even was
talk about that on bugtraq: they used it to simulate flood ping
without needing uid==0:

while [ true ]; do killall -14 ping; done

I'm afraid that there are more "creative" way to use this feature.

BSD solved by only allowing you to send certain signals (that
generated from keyboard) to programs with different euid but same real

I took a look at kernel/signal.c - it is understandable but as this is
really security-sensitive area I'm asking first.


I'm really 	   Pavel
Look at ;-).

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to