<<< Date Index >>>     <<< Thread Index >>>

Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability



On Tue, 14 Aug 2007, Wojciech Purczynski wrote:

> 
> > I'm not sure this is a real security issue. If some process has the same
> > effective UID as the given one, the former can always send any signal to
> > the latter. Thus the behaviour you described is IMHO normal.
> 
> It becomes a security issue whenever suid process drops user's UIDs.
> 
But if it drops privileges (changes EUID back to RUID), it can't again send any 
signal to setuid process.
-- 

    Sincerely Your, Dan.