/* SPDX-License-Identifier: GPL-2.0-only */

/**
 * DOC: erratum_2
 *
 * Erratum 2: Scoped signal handling
 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 *
 * This fix addresses an issue where signal scoping was overly restrictive,
 * preventing sandboxed threads from signaling other threads within the same
 * process if they belonged to different domains.  Because threads are not
 * security boundaries, user space might assume that all threads within the same
 * process can send signals between themselves (see :manpage:`nptl(7)` and
 * :manpage:`libpsx(3)`).  Consistent with :manpage:`ptrace(2)` behavior, direct
 * interaction between threads of the same process should always be allowed.
 * This change ensures that any thread is allowed to send signals to any other
 * thread within the same process, regardless of their domain.
 *
 * Impact:
 *
 * This problem only manifests when the userspace process is itself using
 * :manpage:`libpsx(3)` or an equivalent mechanism to enforce a Landlock policy
 * on multiple already-running threads at once.  Programs which enforce a
 * Landlock policy at startup time and only then become multithreaded are not
 * affected.  Without this fix, signal scoping could break multi-threaded
 * applications that expect threads within the same process to freely signal
 * each other.
 */
LANDLOCK_ERRATUM(2)
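A user-space check for this erratum, as an added example that is not part of the kernel source: it queries the running kernel's Landlock ABI version and errata bitmask and tests the bit for erratum 2 before a multithreaded program relies on signal scoping. The helper names and the `QUERY_*` and `SIGNAL_SCOPE_ABI` macros are hypothetical; the code assumes erratum N is reported as bit N-1, that signal scoping starts at ABI 6, and that the syscall number is 444 when the libc headers do not define it.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallback for older headers (assumption: 444, as on most architectures). */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#endif
#define QUERY_VERSION (1U << 0) /* LANDLOCK_CREATE_RULESET_VERSION */
#define QUERY_ERRATA (1U << 1) /* LANDLOCK_CREATE_RULESET_ERRATA */
#define SIGNAL_SCOPE_ABI 6 /* first ABI with LANDLOCK_SCOPE_SIGNAL */

/* Erratum N is reported as bit N-1; a negative mask is a failed query. */
static int erratum_fixed(long mask, unsigned int number)
{
	if (mask < 0 || number < 1 || number > 31)
		return 0;
	return (int)((mask >> (number - 1)) & 1);
}

/* True only when signal scoping exists and erratum 2 is reported as fixed. */
static int signal_scope_thread_safe(long abi, long errata)
{
	return abi >= SIGNAL_SCOPE_ABI && erratum_fixed(errata, 2);
}

/* Query form of the syscall: NULL attr, size 0, one query flag. */
static long landlock_query(unsigned int flag)
{
	return syscall(__NR_landlock_create_ruleset, NULL, 0, flag);
}

int main(void)
{
	long abi = landlock_query(QUERY_VERSION);
	long errata = landlock_query(QUERY_ERRATA);

	printf("ABI %ld, errata mask %#lx\n", abi,
	       errata < 0 ? 0UL : (unsigned long)errata);
	if (signal_scope_thread_safe(abi, errata))
		puts("erratum 2 fixed: scoped threads can signal their own process");
	else
		puts("no signal scoping or erratum 2 unfixed: do not scope signals on running threads");
	return 0;
}
```

A kernel that does not support the errata query fails the second call, which the check treats as "not fixed".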