cvs commit: src/sys/kern kern_prot.c

Robert Watson rwatson at
Sun Sep 14 08:44:50 PDT 2003

On Sun, 14 Sep 2003, Dag-Erling Smørgrav wrote:

> Robert Watson <rwatson at> writes:
> >   Also, add SIGALRM to the set of signals permitted to be delivered to
> >   setugid processes by unprivileged subjects.
> Are you absolutely sure you want to do this?

In the thread, I discussed a few other possible approaches:

(1) Introduce a setugid() API to allow processes to knowingly discard
    additional protections.  This would require application changes.  The
    interface already exists as __setsugid() under options REGRESSION,
    FYI, but I didn't want to leave the knob exposed due to foot-shooting

(2) Introduce additional USR signals to be used in lieu of SIGALRM.  This
    also requires an application change.  Actually, I'm not sure I
    explicitly raised this in the thread, but it's the obvious direction: 
    reduce the opportunity for collision between exception signals and IPC

That said, to be frank, no, I'm not sure I want to do this.  But I also
want to make sure we don't break important applications.  The answer is
probably to bring the Diablo author and Diablo port maintainer in the loop
and discuss better alternatives.  Since the SIGALRM is programmatically
generated, I'm hopeful it isn't a documented admin knob on the program,
and therefore changing the signal number won't be a problem...

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at      Network Associates Laboratories

More information about the cvs-src mailing list