Re: PATCH: signals security

Alan Cox (
Wed, 20 May 1998 13:23:11 +0100 (BST)

> > Catastrophe. I can no longer kill processes I created that happened to be
> > setuid. Please _THINK_ what you are trying to achieve, and understand why
> > the existing Unix decisions were made. There are 20 years of common sense
> > behind them.
> Ok - what I'm trying to achieve is that user will no longer be able to
> kill suid X server with SIGKILL. Please take a look at code: you still

SIGKILL is unblockable in Unix. There is a lot of logic to that. X can choose
to become totally setuid if it wishes. The ongoing fbcon/KGI work fixes
this problem the right way

> are able to send few fignals (that generated from
> keyboard). Alternatively, we might want to defend against SIGKILL only
> - everything else may be catched...

SIGKILL should never ever be blocked. Its the 'get out of mess' button.

> > Your code also appears to have broken signal delivery to processes that
> > are setuid and depend on it (such as rlogind).
> What signals need to be delivered to rlogind?

SIGURG, and maybe SIGIO


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to