From owner-cvs-all@FreeBSD.ORG  Sun Sep 14 00:22:40 2003
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 44A7D16A4C0; Sun, 14 Sep 2003 00:22:40 -0700 (PDT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 8F45843FE3; Sun, 14 Sep 2003 00:22:39 -0700 (PDT)
	(envelope-from rwatson@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h8E7Md0U029428;
	Sun, 14 Sep 2003 00:22:39 -0700 (PDT)
	(envelope-from rwatson@repoman.freebsd.org)
Received: (from rwatson@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h8E7Mdvo029427;
	Sun, 14 Sep 2003 00:22:39 -0700 (PDT)
Message-Id: <200309140722.h8E7Mdvo029427@repoman.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Sun, 14 Sep 2003 00:22:39 -0700 (PDT)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/kern kern_prot.c
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Sep 2003 07:22:40 -0000

rwatson     2003/09/14 00:22:39 PDT

  FreeBSD src repository

  Modified files:
    sys/kern             kern_prot.c 
  Log:
  Add a new sysctl, security.bsd.conservative_signals, to disable
  special signal-delivery protections for setugid processes.  In the
  event that a system is relying on "unusual" signal delivery to
  processes that change their credentials, this can be used to work
  around application problems.
  
  Also, add SIGALRM to the set of signals permitted to be delivered to
  setugid processes by unprivileged subjects.
  
  Reported by:    Joe Greco <jgreco@ns.sol.net>
  
  Revision  Changes    Path
  1.176     +16 -1     src/sys/kern/kern_prot.c