On Thu, Jun 21, 2007 at 06:18:59PM +0100, Colm MacCarthaigh wrote:
> On Thu, Jun 21, 2007 at 05:51:34PM +0100, Joe Orton wrote:
> > On Sat, Jun 16, 2007 at 09:29:25PM -0000, Jim Jagielski wrote:
> > Secondly: I think this approach is unnecessarily complex. I think it's
> > sufficient to simply check whether the target process is in the right
> > process group before sending a signal, i.e. getpgid(pid) == getpgrp().
> > This ensures that the parent will only kill things it created.
>
> I actually thought avoiding this was a design goal, to prevent someone
> from killing piped loggers and cgi processes?

What's the security threat there? Given that the attacker can arrange for arbitrary execution of code in any unprivileged child, preventing logging or CGI script execution is possible anyway.

joe
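The process-group check proposed in the quoted text, `getpgid(pid) == getpgrp()`, as an added C example that is not part of the original message or of the httpd code base. The names `kill_if_in_own_group` and `try_signal_child` are hypothetical, and refusing `pid <= 0` is an assumption added here because those values address whole groups rather than one process.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700          /* for getpgid() under strict -std modes */
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: signal pid only if it shares the caller's process group. */
int kill_if_in_own_group(pid_t pid, int sig)
{
    pid_t pgid;

    if (pid <= 0) {                /* assumption: 0, -1 and -pgid target groups */
        errno = EINVAL;
        return -1;
    }
    pgid = getpgid(pid);
    if (pgid == (pid_t)-1)
        return -1;                 /* no such process; errno set by getpgid() */
    if (pgid != getpgrp()) {       /* not in our group: refuse to signal it */
        errno = EPERM;
        return -1;
    }
    return kill(pid, sig);
}

/* Constructed scenario: fork a child, optionally move it into its own
 * process group, then attempt the guarded kill. Returns the helper's result. */
int try_signal_child(int leave_group)
{
    pid_t pid = fork();
    int rc;

    if (pid < 0)
        return -2;
    if (pid == 0)
        for (;;) pause();          /* child: wait to be signalled */
    if (leave_group && setpgid(pid, pid) != 0)
        rc = -2;
    else
        rc = kill_if_in_own_group(pid, SIGTERM);
    kill(pid, SIGKILL);            /* cleanup regardless of the outcome */
    waitpid(pid, NULL, 0);
    return rc;
}

int main(void)
{
    printf("same group:  %d\n", try_signal_child(0));
    printf("other group: %d\n", try_signal_child(1));
    return 0;
}
```

The check and the `kill()` are separate system calls, so a PID that is recycled between them is not covered by this test.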