abi-6.h 1.3 KB

/* SPDX-License-Identifier: GPL-2.0-only */
/**
 * DOC: erratum_2
 *
 * Erratum 2: Scoped signal handling
 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 *
 * This fix addresses an issue where signal scoping was overly restrictive,
 * preventing sandboxed threads from signaling other threads within the same
 * process if they belonged to different domains. Because threads are not
 * security boundaries, user space might assume that all threads within the same
 * process can send signals between themselves (see :manpage:`nptl(7)` and
 * :manpage:`libpsx(3)`). Consistent with :manpage:`ptrace(2)` behavior, direct
 * interaction between threads of the same process should always be allowed.
 * This change ensures that any thread is allowed to send signals to any other
 * thread within the same process, regardless of their domain.
 *
 * Impact:
 *
 * This problem only manifests when the userspace process is itself using
 * :manpage:`libpsx(3)` or an equivalent mechanism to enforce a Landlock policy
 * on multiple already-running threads at once. Programs which enforce a
 * Landlock policy at startup time and only then become multithreaded are not
 * affected. Without this fix, signal scoping could break multi-threaded
 * applications that expect threads within the same process to freely signal
 * each other.
 */
LANDLOCK_ERRATUM(2)
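Added example (not part of abi-6.h or the kernel tree): a user-space probe that asks the running kernel whether erratum 2 is fixed before enforcing signal scoping on already-running threads. The helper names are hypothetical, the fallback constants are there for older UAPI headers, and the mapping of erratum N to bit N-1 of the errata mask is an assumption to confirm against the kernel's Landlock documentation.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallbacks for older UAPI headers. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#endif
#ifndef LANDLOCK_CREATE_RULESET_VERSION
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#endif
#ifndef LANDLOCK_CREATE_RULESET_ERRATA
#define LANDLOCK_CREATE_RULESET_ERRATA (1U << 1)
#endif

#define SIGNAL_SCOPE_ABI 6 /* this erratum is filed under abi-6.h */

/* Assumption: erratum N is reported as bit N-1 of the errata mask.
 * A failed query (negative value) is treated as "not fixed". */
static int erratum_fixed(long mask, unsigned int n)
{
	return mask > 0 && n >= 1 && n <= 31 && ((mask >> (n - 1)) & 1);
}

/* Hypothetical policy helper: 1 if signal scoping can be enforced on
 * several already-running threads (libpsx-style) without breaking
 * signals between threads of the same process, else 0. */
static int can_scope_signals_multithreaded(long abi, long errata)
{
	if (abi < SIGNAL_SCOPE_ABI)
		return 0; /* signal scoping is not available at all */
	return erratum_fixed(errata, 2);
}

static long landlock_query(unsigned int flag)
{
	return syscall(__NR_landlock_create_ruleset, NULL, 0, flag);
}

int main(void)
{
	long abi = landlock_query(LANDLOCK_CREATE_RULESET_VERSION);
	long errata = landlock_query(LANDLOCK_CREATE_RULESET_ERRATA);

	printf("abi=%ld errata=%ld multithreaded signal scoping ok: %d\n",
	       abi, errata, can_scope_signals_multithreaded(abi, errata));
	return 0;
}
```

A program that enforces its Landlock policy at startup and only then creates threads does not need this check, per the impact note above.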