diff options
| -rw-r--r-- | kernel/signal.c | 27 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 3 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 9 |
3 files changed, 14 insertions, 25 deletions
diff --git a/kernel/signal.c b/kernel/signal.c index f9a52c721274..91d57f89f5a5 100644 --- a/kernel/signal.c +++ b/kernel/signal.c | |||
| @@ -533,22 +533,23 @@ static int rm_from_queue(unsigned long mask, struct sigpending *s) | |||
| 533 | static int check_kill_permission(int sig, struct siginfo *info, | 533 | static int check_kill_permission(int sig, struct siginfo *info, |
| 534 | struct task_struct *t) | 534 | struct task_struct *t) |
| 535 | { | 535 | { |
| 536 | int error = -EINVAL; | 536 | int error; |
| 537 | |||
| 537 | if (!valid_signal(sig)) | 538 | if (!valid_signal(sig)) |
| 538 | return error; | 539 | return -EINVAL; |
| 539 | 540 | ||
| 540 | if (info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info))) { | 541 | if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info))) |
| 541 | error = audit_signal_info(sig, t); /* Let audit system see the signal */ | 542 | return 0; |
| 542 | if (error) | 543 | |
| 543 | return error; | 544 | error = audit_signal_info(sig, t); /* Let audit system see the signal */ |
| 544 | error = -EPERM; | 545 | if (error) |
| 545 | if (((sig != SIGCONT) || | ||
| 546 | (task_session_nr(current) != task_session_nr(t))) | ||
| 547 | && (current->euid ^ t->suid) && (current->euid ^ t->uid) | ||
| 548 | && (current->uid ^ t->suid) && (current->uid ^ t->uid) | ||
| 549 | && !capable(CAP_KILL)) | ||
| 550 | return error; | 546 | return error; |
| 551 | } | 547 | |
| 548 | if (((sig != SIGCONT) || (task_session_nr(current) != task_session_nr(t))) | ||
| 549 | && (current->euid ^ t->suid) && (current->euid ^ t->uid) | ||
| 550 | && (current->uid ^ t->suid) && (current->uid ^ t->uid) | ||
| 551 | && !capable(CAP_KILL)) | ||
| 552 | return -EPERM; | ||
| 552 | 553 | ||
| 553 | return security_task_kill(t, info, sig, 0); | 554 | return security_task_kill(t, info, sig, 0); |
| 554 | } | 555 | } |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 85a220465a8f..1b50a6ebc55f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -3286,9 +3286,6 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info, | |||
| 3286 | if (rc) | 3286 | if (rc) |
| 3287 | return rc; | 3287 | return rc; |
| 3288 | 3288 | ||
| 3289 | if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info))) | ||
| 3290 | return 0; | ||
| 3291 | |||
| 3292 | if (!sig) | 3289 | if (!sig) |
| 3293 | perm = PROCESS__SIGNULL; /* null signal; existence test */ | 3290 | perm = PROCESS__SIGNULL; /* null signal; existence test */ |
| 3294 | else | 3291 | else |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index fe0ae1bf1650..b5c8f9237008 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1131,15 +1131,6 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, | |||
| 1131 | int sig, u32 secid) | 1131 | int sig, u32 secid) |
| 1132 | { | 1132 | { |
| 1133 | /* | 1133 | /* |
| 1134 | * Special cases where signals really ought to go through | ||
| 1135 | * in spite of policy. Stephen Smalley suggests it may | ||
| 1136 | * make sense to change the caller so that it doesn't | ||
| 1137 | * bother with the LSM hook in these cases. | ||
| 1138 | */ | ||
| 1139 | if (info != SEND_SIG_NOINFO && | ||
| 1140 | (is_si_special(info) || SI_FROMKERNEL(info))) | ||
| 1141 | return 0; | ||
| 1142 | /* | ||
| 1143 | * Sending a signal requires that the sender | 1134 | * Sending a signal requires that the sender |
| 1144 | * can write the receiver. | 1135 | * can write the receiver. |
| 1145 | */ | 1136 | */ |