Module Name:    src
Committed By:   elad
Date:           Fri Oct  2 23:24:15 UTC 2009

Modified Files:
        src/sys/kern: kern_sig.c
        src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Put signal delivery policy back in the subsystem.


To generate a diff of this commit:
cvs rdiff -u -r1.298 -r1.299 src/sys/kern/kern_sig.c
cvs rdiff -u -r1.11 -r1.12 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_sig.c
diff -u src/sys/kern/kern_sig.c:1.298 src/sys/kern/kern_sig.c:1.299
--- src/sys/kern/kern_sig.c:1.298	Sun May 24 21:41:26 2009
+++ src/sys/kern/kern_sig.c	Fri Oct  2 23:24:15 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_sig.c,v 1.298 2009/05/24 21:41:26 ad Exp $	*/
+/*	$NetBSD: kern_sig.c,v 1.299 2009/10/02 23:24:15 elad Exp $	*/
 
 /*-
  * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -66,7 +66,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.298 2009/05/24 21:41:26 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.299 2009/10/02 23:24:15 elad Exp $");
 
 #include "opt_ptrace.h"
 #include "opt_compat_sunos.h"
@@ -140,6 +140,29 @@
 static	const char lognocoredump[] =
     "pid %d (%s), uid %d: exited on signal %d (core not dumped, err = %d)\n";
 
+static kauth_listener_t signal_listener;
+
+static int
+signal_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+    void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	struct proc *p;
+	int result, signum;
+
+	result = KAUTH_RESULT_DEFER;
+	p = arg0;
+	signum = (int)(unsigned long)arg1;
+
+	if (action != KAUTH_PROCESS_SIGNAL)
+		return result;
+
+	if (kauth_cred_uidmatch(cred, p->p_cred) ||
+	    (signum == SIGCONT && (curproc->p_session == p->p_session)))
+		result = KAUTH_RESULT_ALLOW;
+
+	return result;
+}
+
 /*
  * signal_init:
  *
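Review bot: `signal_listener_cb` carries no comment stating the policy it enforces, and its SIGCONT branch tests `curproc->p_session` rather than anything derived from the `cred` argument, so the decision depends on the calling context. That mirrors the code removed from secmodel_suser.c, but it is worth confirming that every caller authorizes on behalf of `curproc`. Because the allow now comes from the subsystem itself, a security model that wants to restrict same-uid signalling presumably has to return an explicit deny rather than simply defer (assuming kauth's usual aggregation, where one allow suffices unless a listener denies). A header comment such as `/* Default policy: allow if the uids match, or for SIGCONT within the sender's session; defer the rest to the secmodels. */` would make this explicit.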
@@ -165,6 +188,9 @@
 
 	callout_init(&proc_stop_ch, CALLOUT_MPSAFE);
 	callout_setfunc(&proc_stop_ch, proc_stop_callout, NULL);
+
+	signal_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+	    signal_listener_cb, NULL);
 }
 
 /*
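Review bot: The handle returned by `kauth_listen_scope()` is stored in `signal_listener` without being checked, so a failed registration would go unnoticed at boot. Since this commit also removes the uid-match and SIGCONT rules from secmodel_suser.c, a missing listener would presumably leave only root able to signal processes, which fails closed but is hard to diagnose. Consider adding `KASSERT(signal_listener != NULL);` after the call. The body of signal_init begins outside this hunk, so whether the process scope is already registered at this point cannot be confirmed from here.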

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.11 src/sys/secmodel/suser/secmodel_suser.c:1.12
--- src/sys/secmodel/suser/secmodel_suser.c:1.11	Fri Oct  2 23:18:12 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Fri Oct  2 23:24:15 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.11 2009/10/02 23:18:12 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.12 2009/10/02 23:24:15 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.11 2009/10/02 23:18:12 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.12 2009/10/02 23:24:15 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -513,16 +513,11 @@
 	p = arg0;
 
 	switch (action) {
-	case KAUTH_PROCESS_SIGNAL: {
-		int signum;
-
-		signum = (int)(unsigned long)arg1;
-
-		if (isroot || kauth_cred_uidmatch(cred, p->p_cred) ||
-		    (signum == SIGCONT && (curproc->p_session == p->p_session)))
+	case KAUTH_PROCESS_SIGNAL:
+		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
+
 		break;
-		}
 
 	case KAUTH_PROCESS_CANSEE: {
 		unsigned long req;
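Review bot: After this change the `KAUTH_PROCESS_SIGNAL` case reads as if only root may signal a process, while the effective policy also includes the rules now decided in kern_sig.c. A one-line comment on the case, for example `/* uid match and same-session SIGCONT are allowed by the listener in kern_sig.c */`, would keep someone auditing this secmodel from misreading it. The enclosing listener function starts and ends outside the hunk.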
