Re: PATCH: signals security

Pavel Machek (pavel@atrey.karlin.mff.cuni.cz)
Wed, 20 May 1998 11:28:58 +0200


Hi!

> > + * 1998-05-19 Security fix: don't allow SIGKILL & friends just because
> > + * you have same real uid. Pavel Machek
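Review bot: the comment records only the intent ("don't allow SIGKILL & friends just because you have same real uid") and not the rule it replaces or which signals remain deliverable; since the reply reports that processes the user created that happen to be setuid can no longer be killed, the comment should spell out the exact check (which uid/euid comparison now gates SIGKILL, and which signals are exempt) so the effect on setuid processes such as rlogind can be reviewed from the patch alone.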
>
> Catastrophe. I can no longer kill processes I created that happened to be
> setuid. Please _THINK_ what you are trying to achieve, and understand why
> the existing Unix decisions were made. There are 20 years of common sense
> behind them.

Ok - what I'm trying to achieve is that a user will no longer be able to
kill a suid X server with SIGKILL. Please take a look at the code: you are
still able to send a few signals (those generated from the
keyboard). Alternatively, we might want to defend against SIGKILL only
- everything else may be caught...

> Your code also appears to have broken signal delivery to processes that
> are setuid and depend on it (such as rlogind).

What signals need to be delivered to rlogind?

If more than my "allowed" set, we should probably only block SIGKILL.

Pavel

-- 
The best software in life is free (not shareware)!		Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu
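A constructed model of the three policies argued about in this thread (the existing POSIX check, the patch's rule, and the "block SIGKILL only" fallback), added here as an example and not code from the patch or the kernel; the "allowed" keyboard set (SIGINT, SIGQUIT, SIGTSTP) and the uid values are my assumptions. It shows why the patch stops a user's own setuid process from receiving SIGTERM, which is the breakage the reply complains about.

```c
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed model of the credentials a kill() check looks at; not kernel code. */
struct creds { uid_t uid, euid, suid; };

/* POSIX rule: sender's real or effective uid matches target's real or saved uid. */
static bool uid_match(const struct creds *s, const struct creds *t)
{
    return s->uid == t->uid || s->uid == t->suid ||
           s->euid == t->uid || s->euid == t->suid;
}

/* Existing behaviour the reply defends; root (euid 0) may always signal. */
static bool classic_may_signal(const struct creds *s, const struct creds *t, int sig)
{
    (void)sig;
    return s->euid == 0 || uid_match(s, t);
}

/* Assumed "allowed" set: signals a terminal user can raise from the keyboard. */
static bool keyboard_signal(int sig)
{
    return sig == SIGINT || sig == SIGQUIT || sig == SIGTSTP;
}

/* The patch as described: a shared real uid alone no longer suffices for
 * SIGKILL & friends; only keyboard signals pass unless effective uids match. */
static bool patch_may_signal(const struct creds *s, const struct creds *t, int sig)
{
    if (s->euid == 0) return true;
    if (!uid_match(s, t)) return false;
    return keyboard_signal(sig) || s->euid == t->euid;
}

/* The narrower fallback floated in the reply: defend against SIGKILL only. */
static bool sigkill_only_may_signal(const struct creds *s, const struct creds *t, int sig)
{
    if (s->euid == 0) return true;
    if (!uid_match(s, t)) return false;
    return sig != SIGKILL || s->euid == t->euid;
}

int main(void)
{
    struct creds user = { 1000, 1000, 1000 }; /* ordinary login */
    struct creds xsrv = { 1000, 0, 0 };       /* setuid-root X server started by that user */
    int sigs[] = { SIGKILL, SIGTERM, SIGINT };
    for (int i = 0; i < 3; i++)
        printf("sig %d classic=%d patch=%d sigkill_only=%d\n", sigs[i],
               classic_may_signal(&user, &xsrv, sigs[i]),
               patch_may_signal(&user, &xsrv, sigs[i]),
               sigkill_only_may_signal(&user, &xsrv, sigs[i]));
    return 0;
}
```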