On Sun, 3 Jul 2011, exorcistkiller wrote:
Hi! I am taking a FreeBSD course this summer and I'm doing a homework. A new
system call uidkill() is to be added. uidkill(uid_t uid, int signum) sends
signal specified by signum to all processes owned by uid, excluding the
calling process itself.
I'm almost done, however I get stuck with priv_check(). If the calling
process is trying to send signal to processes owned by others, permission
should be denied. My implementation simply uses an if (p->p_ucred->cr_uid ==
ksi.ksi_uid) to deny it, however priv_check() is required. My question is:
what privilege a process should have to send signal to processes owned by
others? PRIV_SIGNAL_DIFFCRED?
The right way to think about "privileges" in FreeBSD is that they exempt
subjects (usually processes) from normal access control rules -- typically as
a result of a root uid. The access control rules for signalling are captured
by p_cansignal() and cr_cansignal(), depending on whether the "subject" is a
process or a cached credential. Processes have access to slightly greater
rights than raw credentials due to additional context -- for example,
information about parent-child relationships. These functions then invoke
further privilege checks if required, perhaps overriding the normal
requirement that uids match, etc. kill() implements a couple of broadcast
modes for signals -- you may want to look at the implementation there to see
how this is done.
Robert
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"