I have tried to use prctl with PR_SET_PDEATHSIG and figured out that signal
is sent from kernel/exit.c
as user process signal (line #168):
if (p->pdeath_signal) send_sig(p->pdeath_signal, p, 0);
Please, note "0" as last argument. This means that signal delivery is
affected by permission checking.
Hence roughly speaking, if parent process has different uid than its child
the signal will not be delivered.
This seems to be wrong as:
1) Child requested to receive signal. The signal is not actually sent by
parent process.
2) If we should do permission check it should be done reverse: can child can
send signal to parent?
3) Permission check is not needed at all as child can poll to see whether
its parent is still alive: getppid() > 1. This means that no security
related information is given out by sending this signal unconditionally.
4) pdeath_signal do not survive over fork and exec.
The patch to change the behavior is:
--- linux-2.4.17/kernel/exit.c.pdeath Fri Dec 28 09:13:32 2001
+++ linux-2.4.17/kernel/exit.c Fri Dec 28 09:13:54 2001
@@ -165,7 +165,7 @@
p->exit_signal = SIGCHLD;
p->self_exec_id++;
p->p_opptr = child_reaper;
- if (p->pdeath_signal) send_sig(p->pdeath_signal, p, 0);
+ if (p->pdeath_signal) send_sig(p->pdeath_signal, p, 1);
}
}
read_unlock(&tasklist_lock);
==================================================
Is it possible to incorporate this change into the next version of kernel?
Any other comments?
Regards, Eugene
PS I am sorry for not being on this mailing list. I do not want to get all
of its heavy traffic. Please, CC reply to me as well.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/