for non-tty TIOCSPGRP/F_SETOWN/FIOSETOWN pgid setting calls, store uid

and euid as well, then deliver them using new csignal() interface
which ensures that pgid setting process is permitted to signal the
pgid process(es). Thanks to newsham@aloha.net for extensive help and
discussion.

1 files changed, 41 insertions, 1 deletions

diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 4aa5bd87f1d..298f3caace6 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_sig.c,v 1.16 1997/02/01 21:49:41 deraadt Exp $	*/
+/*	$OpenBSD: kern_sig.c,v 1.17 1997/08/31 20:42:18 deraadt Exp $	*/
 /*	$NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $	*/
 
 /*
@@ -483,6 +483,46 @@ killpg1(cp, signum, pgid, all)
 	return (nfound ? 0 : ESRCH);
 }
 
+#define CANDELIVER(uid, euid, p) \
+	(euid == 0 || \
+	(uid) == (p)->p_cred->p_ruid || \
+	(uid) == (p)->p_cred->p_svuid || \
+	(uid) == (p)->p_ucred->cr_uid || \
+	(euid) == (p)->p_cred->p_ruid || \
+	(euid) == (p)->p_cred->p_svuid || \
+	(euid) == (p)->p_ucred->cr_uid)
+
+/*
+ * Deliver signum to pgid, but first check uid/euid against each
+ * process and see if it is permitted.
+ */
+void
+csignal(pgid, signum, uid, euid)
+	pid_t pgid;
+	int signum;
+	uid_t uid, euid;
+{
+	struct pgrp *pgrp;
+	struct proc *p;
+
+	if (pgid == 0)
+		return;
+	if (pgid < 0) {
+		pgid = -pgid;
+		if ((pgrp = pgfind(pgid)) == NULL)
+			return;
+		for (p = pgrp->pg_members.lh_first; p;
+		    p = p->p_pglist.le_next)
+			if (CANDELIVER(uid, euid, p))
+				psignal(p, signum);
+	} else {
+		if ((p = pfind(pgid)) == NULL)
+			return;
+		if (CANDELIVER(uid, euid, p))
+			psignal(p, signum);
+	}
+}
+
 /*
  * Send a signal to a process group.
  */