xref: /linux/security/landlock/errata/abi-6.h (revision 186779c036468038b0d077ec5333a51512f867e5)
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 
3 /**
4  * DOC: erratum_2
5  *
6  * Erratum 2: Scoped signal handling
7  * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
8  *
9  * This fix addresses an issue where signal scoping was overly restrictive,
10  * preventing sandboxed threads from signaling other threads within the same
11  * process if they belonged to different domains.  Because threads are not
12  * security boundaries, user space might assume that any thread within the same
13  * process can send signals between themselves (see :manpage:`nptl(7)` and
14  * :manpage:`libpsx(3)`).  Consistent with :manpage:`ptrace(2)` behavior, direct
15  * interaction between threads of the same process should always be allowed.
16  * This change ensures that any thread is allowed to send signals to any other
17  * thread within the same process, regardless of their domain.
18  */
19 LANDLOCK_ERRATUM(2)
20