signal transmission in ssh2
Damien Miller
djm at mindrot.org
Fri Feb 1 10:39:27 EST 2002
On Thu, 31 Jan 2002, Dan Astoorian wrote:
> On Thu, 31 Jan 2002 12:18:24 EST, Markus Friedl writes:
> > + if (sig >= 0 && s->pid > 0) {
> > + debug("session_signal_req: killpg(%d, %d)",
> > + s->pid, sig);
> > + if (killpg(s->pid, sig) < 0)
> > + error("session_signal_req: killpg(%d, %d): %s",
> > + s->pid, sig, strerror(errno));
>
> Is it safe for the server to be doing this? Isn't the server running as
> root when this code runs?
>
> If the process for the session exec()s a privileged program, I'm worried
> that this might potentially allow a signal to be sent to a program which
> the user would not otherwise be allowed to deliver a signal to.
A gratuitous fork+set[ug]id before the killpg would take care of this,
but is a little ugly.
-d
More information about the openssh-unix-dev
mailing list