Hi,
There's an issue with Joe user being able to kill setuid programs that
he launches: on the sending side, glibc does:
err = HURD_MSGPORT_RPC (__proc_getmsgport (proc, pid, &msgport),
(taskerr = __proc_pid2task (proc, pid,
&refport)) ?
__proc_getsidport (proc, &refport) : 0, 1,
kill_port (msgport, refport));
}
I.e. asks proc for the task port, and if that fails, asks proc for the
session port, then it sends the signal.
It happens that since the target got setuid'ed, the proc server had set
it owned by root, and hence pid2task fails. I don't know exactly what
having a port on a task means, but I guess that's on purpose that even
if the real uid is Joe user, Joe user shouldn't have a task port on the
setuid-ed program.
As a result only proc_getsidport() works.
And on the receiving side, the ref port needs to be the task port for
letting any signal come in...
Samuel
_______________________________________________
Bug-hurd mailing list
Bug-hurd@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-hurd
