What happens when a non-root user sends signals to root user’s process

Securitysignals

I'm wondering about the security of UNIX signals.

SIGKILL will kill the process. So, what happens when a non root user's process sends a signal to a root user's process? Does the process still carry out the signal handler?

I follow the accepted answer (gollum's), and I type man capabilites, and I find a lot of things about the Linux kernel. From man capabilities:

NAME

   capabilities - overview of Linux capabilities
DESCRIPTION

   For the purpose of performing permission checks, traditional UNIX
   implementations distinguish two categories of processes: privileged
   processes (whose effective user ID is 0, referred to as superuser or
   root), and unprivileged processes (whose effective UID is nonzero).
   Privileged processes bypass all kernel permission checks, while
   unprivileged processes are subject to full permission checking based
   on the process's credentials (usually: effective UID, effective GID,
   and supplementary group list).

   Starting with kernel 2.2, Linux divides the privileges traditionally
   associated with superuser into distinct units, known as capabilities,
   which can be independently enabled and disabled.  Capabilities are a
   per-thread attribute.

Best Answer

On Linux it depends on the file capabilities.

Take the following simple mykill.c source:

#include <stdio.h>
#include <sys/types.h>
#include <signal.h>
#include <stdlib.h>

void exit_usage(const char *prog) {
        printf("usage: %s -<signal> <pid>\n", prog);
        exit(1);
}

int main(int argc, char **argv) {
        pid_t pid;
        int sig;

        if (argc != 3)
                exit_usage(argv[0]);

        sig = atoi(argv[1]);
        pid = atoi(argv[2]);

        if (sig >= 0 || pid < 2)
                exit_usage(argv[0]);

        if (kill(pid, -sig) == -1) {
                perror("failed");
                return 1;
        }
        printf("successfully sent signal %d to process %d\n", -sig, pid);

        return 0;
}

build it:

gcc -Wall mykill.c -o /tmp/mykill

Now as user root start a sleep process in background:

root@horny:/root# /bin/sleep 3600 &
[1] 16098

Now as normal user try to kill it:

demouser@horny:/home/demouser$ ps aux | grep sleep
root     16098  0.0  0.0  11652   696 pts/20   S    15:06   0:00 sleep 500

demouser@horny:/home/demouser$ /tmp/mykill -9 16098
failed: Operation not permitted

Now as root user change the /tmp/mykill caps:

root@horny:/root# setcap cap_kill+ep /tmp/mykill

And try again as normal user:

demouser@horny:/home/demouser$ /tmp/mykill -9 16098
successfully sent signal 9 to process 16098

Finally please delete /tmp/mykill for obvious reasons ;)

Related Question