Date: Fri, 29 May 1998 13:30:58 -0700 From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca> To: freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG Subject: Kill(2) Vulnerability Message-ID: <199805292031.NAA18667@passer.osg.gov.bc.ca>
next in thread | raw e-mail | index | archive | help
One of my co-workers brought this to my attention from http://www.openbsd.org/errata.html#kill. SECURITY FIX The kill(2) system call previously would permit a large set of signals to be delivered to setuid or setgid processes. If such processes were using those signals in dubious ways, this could have resulted in security problems of various kinds. The second revision of a source code patch which solves the problem is available. I haven't seen this discussed on FreeBSD-Security yet. I've looked at the CVS log for kern_sig.c, however I cannot see any fix in there for it. Has this been fixed somewhere else? Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Open Systems Group Internet: cschuber@uumail.gov.bc.ca ITSD Cy.Schubert@gems8.gov.bc.ca Government of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805292031.NAA18667>