Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
On Tue, 14 Aug 2007, Wojciech Purczynski wrote:
>
> > I'm not sure this is a real security issue. If some process has the same
> > effective UID as the given one, the former can always send any signal to
> > the latter. Thus the behaviour you described is IMHO normal.
>
> It becomes a security issue whenever suid process drops user's UIDs.
>
But if it drops privileges (changes EUID back to RUID), it can't again send any
signal to setuid process.
--
Sincerely Your, Dan.