[HACKERS] semaphore usage "port based"?
Daniel Eischen
deischen at freebsd.org
Mon Apr 3 12:19:02 UTC 2006
On Mon, 3 Apr 2006, Andrew Thompson wrote:
> On Mon, Apr 03, 2006 at 01:23:59AM -0300, Marc G. Fournier wrote:
> >
> > taking it off of pgsql-hackers, so that we don't annoy them unnecessarily
> > ...
> >
> > 'k, looking at the code, not that most of it doesn't go over my head ...
> > but ...
> >
> > in kern/kern_jail.c, I can see the prison_check() call ... wouldn't one
> > want to make the change a bit further up? say in kern_prot.c? wouldn't
> > you want to change just cr_cansignal() to allow *just* for 'case 0', when
> > someone is just checking to see if a process is already running? I
> > wouldn't want to be able to SIGKILL the process from a different jail,
> > mind you ... maybe move the check for SIG0 to just before the
> > prison_check, since, unless I'm missing something, other then determining
> > that a process is, in fact, running, SIG0 is a benign signal?
> >
>
> I think the suggestion was to make this EPERM rather than ESRCH to make
> postgres a bit happier, not remove the check entirely. Im not familiar
> with that part of the kernel at all, so I cant say what the consequences
> will be apart from the obvious information leak.
I don't really see what the problem is. ESRCH seems perfectly
reasonable for trying to kill (even sig 0) a process from a
different jail. If you're in a jail, then you shouldn't have
knowledge of processes from other jails.
--
DE
More information about the freebsd-stable
mailing list