diff options
author | Oleg Nesterov <oleg@tv-sign.ru> | 2008-04-30 03:52:42 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-30 11:29:34 -0400 |
commit | 3b5e9e53c6f31b5a5a0f5c43707503c62bdefa46 (patch) | |
tree | 1244b7cf2755c06a8a793149ce4717e4a1311218 /kernel/signal.c | |
parent | 9e3bd6c3fb2334be171e69b432039cd18bce4458 (diff) |
signals: cleanup security_task_kill() usage/implementation
Every implementation of ->task_kill() does nothing when the signal comes from
the kernel. This is correct, but means that check_kill_permission() should
call security_task_kill() only for SI_FROMUSER() case, and we can remove the
same check from ->task_kill() implementations.
(sadly, check_kill_permission() is the last user of signal->session/__session
but we can't s/task_session_nr/task_session/ here).
NOTE: Eric W. Biederman pointed out cap_task_kill() should die, and I think
he is very right.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: David Quigley <dpquigl@tycho.nsa.gov>
Cc: Eric Paris <eparis@redhat.com>
Cc: Harald Welte <laforge@gnumonks.org>
Cc: Pavel Emelyanov <xemul@openvz.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/signal.c')
-rw-r--r-- | kernel/signal.c | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/kernel/signal.c b/kernel/signal.c index f9a52c721274..91d57f89f5a5 100644 --- a/kernel/signal.c +++ b/kernel/signal.c | |||
@@ -533,22 +533,23 @@ static int rm_from_queue(unsigned long mask, struct sigpending *s) | |||
533 | static int check_kill_permission(int sig, struct siginfo *info, | 533 | static int check_kill_permission(int sig, struct siginfo *info, |
534 | struct task_struct *t) | 534 | struct task_struct *t) |
535 | { | 535 | { |
536 | int error = -EINVAL; | 536 | int error; |
537 | |||
537 | if (!valid_signal(sig)) | 538 | if (!valid_signal(sig)) |
538 | return error; | 539 | return -EINVAL; |
539 | 540 | ||
540 | if (info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info))) { | 541 | if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info))) |
541 | error = audit_signal_info(sig, t); /* Let audit system see the signal */ | 542 | return 0; |
542 | if (error) | 543 | |
543 | return error; | 544 | error = audit_signal_info(sig, t); /* Let audit system see the signal */ |
544 | error = -EPERM; | 545 | if (error) |
545 | if (((sig != SIGCONT) || | ||
546 | (task_session_nr(current) != task_session_nr(t))) | ||
547 | && (current->euid ^ t->suid) && (current->euid ^ t->uid) | ||
548 | && (current->uid ^ t->suid) && (current->uid ^ t->uid) | ||
549 | && !capable(CAP_KILL)) | ||
550 | return error; | 546 | return error; |
551 | } | 547 | |
548 | if (((sig != SIGCONT) || (task_session_nr(current) != task_session_nr(t))) | ||
549 | && (current->euid ^ t->suid) && (current->euid ^ t->uid) | ||
550 | && (current->uid ^ t->suid) && (current->uid ^ t->uid) | ||
551 | && !capable(CAP_KILL)) | ||
552 | return -EPERM; | ||
552 | 553 | ||
553 | return security_task_kill(t, info, sig, 0); | 554 | return security_task_kill(t, info, sig, 0); |
554 | } | 555 | } |