cvs commit: src/sys/i386/ibcs2 ibcs2_signal.c src/sys/kern
kern_prot.c kern_sig.c src/sys/compat/linux linux_signal.c
src/sys/compat/svr4 svr4_signal.c src/sys/sys proc.h syscallsubr.h
sobomax at portaone.com
Sun Feb 13 18:00:05 GMT 2005
Robert Watson wrote:
> On Sun, 13 Feb 2005, Maxim Sobolev wrote:
>> Backout previous change (disabling of security checks for signals delivered
>> in emulation layers), since it appears to be too broad.
>> Requested by: rwatson
> Thanks, and sorry if I was a bit too fierce. This is not the first nit
> we've run into with the more conservative signal protections, which is why
> there's a sysctl to disable them in the first place. However, I think
> they contribute usefully to security, so I'd rather augment them to be a
> bit more context-aware and permit what's necessary, while avoiding more
> sweeping granting of permission.
OK, you have nothing to be sorry about. You have much more knowelledge
in this domain than I, so that I really appreciate your review and analysis.
More information about the cvs-all