cvs commit: src/sys/i386/ibcs2 ibcs2_signal.c src/sys/kern kern_prot.c kern_sig.c src/sys/compat/linux linux_signal.c src/sys/compat/svr4 svr4_signal.c src/sys/sys proc.h syscallsubr.h src/sys/alpha/osf1 osf1_signal.c

Maxim Sobolev sobomax at portaone.com
Sun Feb 13 18:00:05 GMT 2005


Robert Watson wrote:
> On Sun, 13 Feb 2005, Maxim Sobolev wrote:
> 
> 
>>  Backout previous change (disabling of security checks for signals delivered
>>  in emulation layers), since it appears to be too broad.
>>  
>>  Requested by:   rwatson
> 
> 
> Thanks, and sorry if I was a bit too fierce.  This is not the first nit
> we've run into with the more conservative signal protections, which is why
> there's a sysctl to disable them in the first place.  However, I think
> they contribute usefully to security, so I'd rather augment them to be a
> bit more context-aware and permit what's necessary, while avoiding more
> sweeping granting of permission. 

OK, you have nothing to be sorry about. You have much more knowelledge 
in this domain than I, so that I really appreciate your review and analysis.

-Maxim


More information about the cvs-all mailing list