signal transmission in ssh2

Damien Miller djm at mindrot.org
Fri Feb 1 10:39:27 EST 2002


On Thu, 31 Jan 2002, Dan Astoorian wrote:

> On Thu, 31 Jan 2002 12:18:24 EST, Markus Friedl writes:
> > +	if (sig >= 0 && s->pid > 0) {
> > +		debug("session_signal_req: killpg(%d, %d)",
> > +		    s->pid, sig);
> > +		if (killpg(s->pid, sig) < 0)
> > +			error("session_signal_req: killpg(%d, %d): %s",
> > +			    s->pid, sig, strerror(errno));
> 
> Is it safe for the server to be doing this?  Isn't the server running as
> root when this code runs?
> 
> If the process for the session exec()s a privileged program, I'm worried
> that this might potentially allow a signal to be sent to a program which
> the user would not otherwise be allowed to deliver a signal to.

A gratuitous fork+set[ug]id before the killpg would take care of this, 
but is a little ugly.

-d





More information about the openssh-unix-dev mailing list