Serious bug in "zonk"
Ken Lalonde
kwlalonde at watmath.UUCP
Fri Dec 20 21:32:47 AEST 1985
Last September I posted the code and support programs for "zonk", a
kill-by-uid system call. There is a bug in the system call code that
can cause a signal to be sent to as-yet unborn processes.
The corrected code follows.
--
/*
 * Zonk system call - apply a signal to every process owned by a user.
 * A count of the affected processes is returned.
 * If passed signal zero, no signal is sent; only the count is returned.
 */
zonk()
{
	struct a {
		int uid;
		int sig;
	} *uap = (struct a *)u.u_ap;
	register int sig = uap->sig;
	register int count, uid;
	register struct proc *p;

	/*
	 * Only the owner of the processes, or the superuser, may zonk
	 * them.  suser() leaves EPERM in u.u_error when it fails.
	 */
	if ((uid = uap->uid) != u.u_uid && !suser())
		return;
	/*
	 * Refuse to signal every root-owned process, and reject
	 * signal numbers outside 0..NSIG-1 (the cast catches negatives).
	 */
	if ((uid == 0 && sig) || (unsigned)sig >= NSIG) {
		u.u_error = EINVAL;
		return;
	}
	for (count = 0, p = proc; p < procNPROC; p++) {
		/*
		 * Skip free slots (p_stat == 0).  A free entry keeps the
		 * stale p_uid of its last occupant, and a signal posted
		 * to it would land on whatever process later reuses the
		 * slot.
		 */
		if (p->p_stat == 0)
			continue;
		if (p->p_uid != uid)
			continue;
		if (sig)
			psignal(p, sig);
		count++;
	}
	u.u_r.r_val1 = count;
}
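As an added illustration, not code from Ken Lalonde's posting or from any BSD kernel, the C program below models the proc-table scan in user space. The `struct proc` here is a constructed three-field stand-in, `psignal()` is replaced by recording the pid, and `zonk_scan()` takes a `check_stat` flag so the loop without the p_stat test can be run beside the corrected loop over the same constructed table. Slot 2 is a free entry whose p_uid still reads 1000 from a process that has exited: the uncorrected scan counts it and would post a signal there, the corrected scan does not. `zonk_check()` mirrors the permission and range checks from the posting and returns the errno value the kernel would leave in u.u_error.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-in for a proc-table entry: only the fields the
 * zonk() scan looks at.  This is not the real struct proc. */
struct proc {
    int p_stat;   /* 0 = slot free, nonzero = occupied (SRUN, SSLEEP, ...) */
    int p_pid;
    int p_uid;
};

#define NPROC 6
#define NSIG  32

/* Constructed table.  Slot 2 belonged to a uid-1000 process that exited:
 * p_stat was cleared to 0 but p_pid/p_uid still hold the old values.
 * Slot 4 has never been used. */
static const struct proc sample[NPROC] = {
    { 1, 100, 1000 },
    { 1, 101, 1000 },
    { 0, 102, 1000 },   /* free slot with a stale uid */
    { 1, 103, 2000 },
    { 0,   0,    0 },   /* free slot, never used */
    { 1, 104, 1000 },
};

/* Argument checks mirrored from the posting.  0 means allowed; otherwise
 * the errno value the kernel would report (suser() failing gives EPERM). */
int zonk_check(int caller_uid, int caller_is_super, int uid, int sig)
{
    if (uid != caller_uid && !caller_is_super)
        return EPERM;
    if ((uid == 0 && sig != 0) || (unsigned)sig >= NSIG)
        return EINVAL;
    return 0;
}

/* The proc-table loop.  check_stat == 0 reproduces the defect (free
 * slots are not skipped); check_stat != 0 is the corrected loop.
 * psignal() is replaced by recording the pid in hits[] (size >= n). */
int zonk_scan(const struct proc *tab, int n, int uid, int sig,
              int check_stat, int *hits)
{
    int count = 0;
    for (const struct proc *p = tab; p < tab + n; p++) {
        if (check_stat && p->p_stat == 0)
            continue;               /* the fix: ignore free slots */
        if (p->p_uid != uid)
            continue;
        if (sig)
            hits[count] = p->p_pid; /* stands in for psignal(p, sig) */
        count++;
    }
    return count;
}

/* Run the constructed table through either variant and return the count. */
int zonk_count(int uid, int sig, int check_stat)
{
    int hits[NPROC];
    return zonk_scan(sample, NPROC, uid, sig, check_stat, hits);
}

/* 1 if the scan would have "signalled" the given pid, else 0. */
int zonk_would_hit(int uid, int sig, int check_stat, int pid)
{
    int hits[NPROC], n, i;
    n = zonk_scan(sample, NPROC, uid, sig, check_stat, hits);
    if (sig == 0)
        return 0;                   /* count-only mode sends nothing */
    for (i = 0; i < n; i++)
        if (hits[i] == pid)
            return 1;
    return 0;
}

int main(void)
{
    printf("uid 1000, signal 15: original counts %d, corrected counts %d\n",
           zonk_count(1000, 15, 0), zonk_count(1000, 15, 1));
    printf("stale slot pid 102 hit by original: %d, by corrected: %d\n",
           zonk_would_hit(1000, 15, 0, 102), zonk_would_hit(1000, 15, 1, 102));
    printf("uid 0, count only: original %d, corrected %d\n",
           zonk_count(0, 0, 0), zonk_count(0, 0, 1));
    return 0;
}
```

Build with any C99 compiler (`cc -std=c99 zonk_model.c`). The third line of output shows that the missing check also distorts the count-only mode: the never-used slot carries p_uid 0, so the uncorrected scan reports one root process where there is none.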