Boolean algebra error in 2.6.24?
- From: Rainer Weikusat <rweikusat@xxxxxxxxxxx>
- Date: Thu, 27 Mar 2008 18:38:27 +0100
On systems running 2.6.24, at will fail to send a SIGHUP to
atd after a job has been queued because of EPERM. The 'main' signal
permission check is in ../kernel/signal.c, subroutine 'bad_signal'
static int check_kill_permission(int sig, struct siginfo *info,
struct task_struct *t)
{
int error = -EINVAL;
if (!valid_signal(sig))
return error;
if (info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info))) {
[ 'check for permission according to uid' ]
return error;
}
return security_task_kill(t, info, sig, 0);
}
The routine being ultimatively called by security_task_kill is
cap_task_kill in ../security/ commoncap.c:
int cap_task_kill(struct task_struct *p, struct siginfo *info,
int sig, u32 secid)
{
if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
return 0;
['other checks']
if (capable(CAP_KILL))
return 0;
return -EPERM;
}
This routine (for the 'no fs capailities in use' case) will return
-EPERM if the initial condition is not true and the current doesn't
have CAP_KILL. Presumably, the purpose of the initial check is to
determine if the permission was already checked based on the uid and
to ok the kill if it was. This would imply that the two quoted complex
conditions must be equivalent (if the complex condition in check_ was
true and cap_ was called, the check in check_ must have been
successful.
Defining a ::= 'signal has info', b ::= 'info is special' and
c ::= 'sent from user', the first condition can be written as
!a || (!b && c) [1]
and the second as
a && (b || !c) [2]
[1] can be transformed as follows:
!a || (!b && c)
<=>
!a || !(b || !c)
<=>
!(a && (b || !c)) [3, !!]
meaning [2] is actually the opposite of [1], IOW when check_ oks the
signal, cap_ will deny it.
It is certain that at doesn't work with [2] and does work with [3].
Additionally, I have checked this with a truth table:
a b c !a || (!b && c) a && (b || !c) !(a && (b || !c))
0 0 0 1 0 1
0 0 1 1 0 1
0 1 0 1 0 1
0 1 1 1 0 1
1 0 0 0 1 0
1 0 1 1 0 1
1 1 0 0 1 0
1 1 1 0 1 0
Am I missing something here?
.
- Follow-Ups:
- Re: Boolean algebra error in 2.6.24?
- From: Gil Hamilton
- Re: Boolean algebra error in 2.6.24?
- Prev by Date: Re: Creating fragmentation using sockets (on ethernet)
- Next by Date: allocation of memory to a program
- Previous by thread: Future Risc
- Next by thread: Re: Boolean algebra error in 2.6.24?
- Index(es):
Relevant Pages
|
