CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/05/05 07:00:00
Modified files:
sys/kern : kern_pledge.c
Log message:
Frank Denis using the Swival Security Scanner concludes that
kill(0,sig) should not be allowed because of a source code comment.
Actually, kill of the default pgid 0 MUST be allowed or large amounts
of userland software won't work. What pledge prevents is playing with
other process groups (i.e. -pid where pid is not 0) which require
permission from the "proc" pledge. Killing the default pgrp 0 is a
common way for privsep (and other) software to tear down its
process trees, for cases where a pipe read of 0 doesn't work.
The current behaviour is intentional, and the proposed diff was not
considered nor tested for consequences.
Change the comment very subtly to see which AI/human collaboration fails next.
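
The teardown pattern the log message describes, as an added example that is not part of the commit or of OpenBSD's source: a monitor in its own process group signals pgid 0 and reaps its worker. The name teardown_own_group and the "stdio"-only pledge call are assumptions of this example, the latter based on the log's statement that only other process groups need "proc".

```c
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: 1 if kill(0, SIGTERM) tore down the worker,
 * 0 if the worker ended some other way, -1 on setup failure. */
int teardown_own_group(void)
{
    int st;
    pid_t mon = fork();
    if (mon == -1)
        return -1;
    if (mon == 0) {
        /* Monitor: lead a new group so pgid 0 means only this tree. */
        if (setpgid(0, 0) == -1)
            _exit(2);
        pid_t worker = fork();          /* worker inherits the new pgid */
        if (worker == -1)
            _exit(2);
        if (worker == 0) {
            signal(SIGTERM, SIG_DFL);   /* default action: terminate */
            for (;;)
                pause();
        }
#ifdef __OpenBSD__
        /* Assumption: no "proc" promise is needed for what follows. */
        if (pledge("stdio", NULL) == -1)
            _exit(2);
#endif
        signal(SIGTERM, SIG_IGN);       /* monitor survives its own signal */
        if (kill(0, SIGTERM) == -1)     /* pid 0 = caller's process group */
            _exit(2);
        if (waitpid(worker, &st, 0) != worker)
            _exit(2);
        _exit(WIFSIGNALED(st) && WTERMSIG(st) == SIGTERM ? 0 : 1);
    }
    if (waitpid(mon, &st, 0) != mon || !WIFEXITED(st) || WEXITSTATUS(st) == 2)
        return -1;
    return WEXITSTATUS(st) == 0;
}

int main(void)
{
    return teardown_own_group() == 1 ? 0 : 1;
}
```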