signal transmission in ssh2

Dan Astoorian djast at cs.toronto.edu
Fri Feb 1 10:02:36 EST 2002


On Thu, 31 Jan 2002 12:18:24 EST, Markus Friedl writes:
> +	if (sig >= 0 && s->pid > 0) {
> +		debug("session_signal_req: killpg(%d, %d)",
> +		    s->pid, sig);
> +		if (killpg(s->pid, sig) < 0)
> +			error("session_signal_req: killpg(%d, %d): %s",
> +			    s->pid, sig, strerror(errno));
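
Review bot: the guard `sig >= 0 && s->pid > 0` on the first line of the hunk admits both `sig == 0` and `s->pid == 1`. With signal 0, killpg() only performs its existence and permission checks and delivers nothing, so a client request that maps to 0 is logged as a kill but does nothing; with pid 1 the call targets process group 1. Tightening the test to `sig > 0 && s->pid > 1` costs nothing. Separately, killpg() is called here with whatever credentials the server process holds at this point, and nothing in these lines switches to the session user first, so the kernel's usual check that the sender may signal the target is not applied on the user's behalf. Consider making the call under the session user's identity, or restricting `sig` to a small fixed set, and say in a comment which of the two the code relies on.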

Is it safe for the server to be doing this?  Isn't the server running as
root when this code runs?

If the process for the session exec()s a privileged program, I'm worried
that this might potentially allow a signal to be sent to a program which
the user would not otherwise be allowed to deliver a signal to.

(I think "s->pid > 0" could be changed to "s->pid > 1", for the sake of
defensiveness; s->pid should never equal 1, but if it ever did happen,
the consequences might be disastrous: on some systems, process group 1
is reserved for kernel processes.)

-- 
Dan Astoorian               People shouldn't think that it's better to have
Sysadmin, CSLab             loved and lost than never loved at all.  It's
djast at cs.toronto.edu        not, it's better to have loved and won.  All
www.cs.toronto.edu/~djast/  the other options really suck.    --Dan Redican



More information about the openssh-unix-dev mailing list