cvs commit: src/sys/i386/ibcs2 ibcs2_signal.c src/sys/kern
	kern_prot.c kern_sig.c src/sys/compat/linux linux_signal.c
	src/sys/compat/svr4 svr4_signal.c src/sys/sys proc.h syscallsubr.h
	src/sys/alpha/osf1 osf1_signal.c
    Robert Watson 
    rwatson at FreeBSD.org
       
    Sun Feb 13 17:39:55 GMT 2005
    
    
  
On Sun, 13 Feb 2005, Maxim Sobolev wrote:
>   Backout previous change (disabling of security checks for signals delivered
>   in emulation layers), since it appears to be too broad.
>   
>   Requested by:   rwatson
Thanks, and sorry if I was a bit too fierce.  This is not the first nit
we've run into with the more conservative signal protections, which is why
there's a sysctl to disable them in the first place.  However, I think
they contribute usefully to security, so I'd rather augment them to be a
bit more context-aware and permit what's necessary, while avoiding more
sweeping granting of permission. 
Robert N M Watson
    
    
More information about the cvs-src
mailing list