Re: PATCH: signals security

Rik van Riel (H.H.vanRiel@phys.uu.nl)
Wed, 20 May 1998 14:35:32 +0200 (MET DST)


On Wed, 20 May 1998, Pavel Machek wrote:

> > > + * 1998-05-19 Security fix: don't allow SIGKILL & friends just because
> > > + * you have same real uid. Pavel Machek
> >
> > Catastrophe. I can no longer kill processes I created that happened to be
> > setuid. Please _THINK_ what you are trying to achieve, and understand why
>
> Ok - what I'm trying to achieve is that user will no longer be able to
> kill suid X server with SIGKILL. Please take a look at code: you still

Let me summarize:
- you want to disallow SIGKILL to processes which do raw I/O
- so you check for the suid() bit.

This is obviously _not_ correct, since:
- raw I/O will be a capability CAP_RAW_IO
- root may have some raw-I/O programs that are _not_ suid,
since root is the only one who is allowed to use the program

You are probably better off using some of the code in
my Out-Of-Memory killer. It checks:
- whether the x86 I/O bitmap has been set up
- whether the process has raw I/O capability (CAP_RAW_IO)

Now we probably want to modify the ioperm() and iopl()
syscalls to set CAP_RAW_IO, so we can do an easy arch
independent check.
(the capability itself is in the allowed bitmap and
it should only be set in the current bitmap when it's
actually used)

Rik.
+-------------------------------------------+--------------------------+
| Linux: - LinuxHQ MM-patches page | Scouting webmaster |
| - kswapd ask-him & complain-to guy | Vries cubscout leader |
| http://www.phys.uu.nl/~riel/ | <H.H.vanRiel@phys.uu.nl> |
+-------------------------------------------+--------------------------+
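An added model, not kernel code and not from this thread, of the two protection rules contrasted above (setuid bit versus actual raw I/O) together with the ioperm()-raises-CAP_RAW_IO idea from the last paragraph. The struct fields, CAP_RAW_IO_BIT and the uid-matching rule are assumptions made for the illustration.

```c
/* Model of the two SIGKILL-protection rules argued about in the thread.
 * Added illustration only; field names and CAP_RAW_IO_BIT are assumed. */
#include <stdbool.h>
#include <signal.h>

#define CAP_RAW_IO_BIT 0x1u        /* hypothetical bit for CAP_RAW_IO */

struct proc {
    unsigned uid, euid;            /* real and effective uid */
    bool     is_suid;              /* image had the setuid bit set */
    bool     io_bitmap_set;        /* x86 I/O bitmap installed by ioperm() */
    unsigned cap_permitted;        /* "allowed" set: what the task may use */
    unsigned cap_effective;        /* "current" set: what is in use right now */
};

/* Pavel's rule, as summarised in the reply: protect any setuid target. */
bool protected_by_suid_rule(const struct proc *t)
{
    return t->is_suid;
}

/* Rik's proposal: protect the target only if it really does raw I/O. */
bool does_raw_io(const struct proc *t)
{
    return t->io_bitmap_set || (t->cap_effective & CAP_RAW_IO_BIT) != 0;
}

/* Model of the proposed ioperm()/iopl() change: raise CAP_RAW_IO into the
 * effective set only when it is in the allowed set and raw I/O is requested. */
bool model_ioperm(struct proc *t)
{
    if ((t->cap_permitted & CAP_RAW_IO_BIT) == 0)
        return false;              /* EPERM: capability not allowed */
    t->io_bitmap_set = true;
    t->cap_effective |= CAP_RAW_IO_BIT;
    return true;
}

/* Signal permission with a protection rule plugged in. Sender matches the
 * target by real or effective uid against the target's real uid (assumed
 * simplification); root always may. */
bool may_signal(const struct proc *s, const struct proc *t, int sig,
                bool (*protected_rule)(const struct proc *))
{
    if (s->euid == 0)
        return true;
    if (s->uid != t->uid && s->euid != t->uid)
        return false;
    if ((sig == SIGKILL || sig == SIGSTOP) && protected_rule(t))
        return false;
    return true;
}
```

With the setuid rule a user loses SIGKILL over a setuid child that does no raw I/O, and a non-setuid root program that does raw I/O is not protected at all; the raw-I/O rule gets both cases right.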

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu