Samuel Thibault <[EMAIL PROTECTED]> writes: > Roland McGrath, le Mon 28 Aug 2006 17:34:24 -0700, a écrit : >> It sounds like you are describing the intended behavior. >> You can't send a signal to a setuid program with kill. > > For a process to have permission to send a signal to a process designated > by pid, unless the sending process has appropriate privileges, the real or > effective user ID of the sending process shall match the real or saved > set-user-ID of the receiving process. > > And setuid programs keep the real user ID set to Joe user's, so that Joe > user can kill the program he launches.
This is not quite correct. Most setuid programs do *not* keep the real user ID alone; instead, the explicitly change it to match the effective user ID. This is important. If the "passwd" program could be interrupted at will be its caller, for example, then it might leave an incompletely written and locked password file around. Thomas _______________________________________________ Bug-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/bug-hurd
