Re: PATCH: signals security

Pavel Machek (
Wed, 20 May 1998 11:28:58 +0200


> > + * 1998-05-19 Security fix: don't allow SIGKILL & friends just because
> > + * you have same real uid. Pavel Machek
> Catastrophe. I can no longer kill processes I created that happened to be
> setuid. Please _THINK_ what you are trying to achieve, and understand why
> the existing Unix decisions were made. There are 20 years of common sense
> behind them.

Ok - what I'm trying to achieve is that user will no longer be able to
kill suid X server with SIGKILL. Please take a look at code: you still
are able to send few fignals (that generated from
keyboard). Alternatively, we might want to defend against SIGKILL only
- everything else may be catched...

> Your code also appears to have broken signal delivery to processes that
> are setuid and depend on it (such as rlogind).

What signals need to be delivered to rlogind?

If more than my "allowed" set, we should probably only block SIGKILL.


The best software in life is free (not shareware)!		Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to