Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site watmath.UUCP
Path: utzoo!watmath!kwlalonde
From: kwlalonde@watmath.UUCP (Ken Lalonde)
Newsgroups: net.sources.bugs
Subject: Serious bug in "zonk"
Message-ID: <588@watmath.UUCP>
Date: Fri, 20-Dec-85 06:32:47 EST
Article-I.D.: watmath.588
Posted: Fri Dec 20 06:32:47 1985
Date-Received: Sat, 21-Dec-85 00:47:56 EST
References: <16335@watmath.UUCP>
Distribution: net
Organization: U of Waterloo, Ontario
Lines: 39

Last September I posted the code and support programs for "zonk", a
kill-by-uid system call.  There is a bug in the system call code that
can cause a signal to be sent to as-yet unborn processes.  The
corrected code follows.
--

/*
 * Zonk system call - apply a signal to every process owned by a user.
 * A count of the affected processes is returned.
 * If passed signal zero, no signal is sent; only the count is returned.
 */
zonk()
{
	struct a {
		int uid;
		int sig;
	} *uap = (struct a *)u.u_ap;
	register int sig = uap->sig;
	register int count, uid;
	register struct proc *p;

	/* Only the owner of the uid or the super-user may zonk it; suser() sets EPERM. */
	if ((uid = uap->uid) != u.u_uid && !suser())
		return;
	/* Never signal root's processes; reject out-of-range (including negative) signals. */
	if ((uid == 0 && sig) || (unsigned)sig >= NSIG) {
		u.u_error = EINVAL;
		return;
	}
	for (count = 0, p = proc; p < procNPROC; p++) {
		if (p->p_stat == 0)	/* unused slot: its p_uid is stale, skip it */
			continue;
		if (p->p_uid != uid)
			continue;
		if (sig)
			psignal(p, sig);
		count++;
	}
	u.u_r.r_val1 = count;
}
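As an added example (not the posted kernel code), here is a user-space model of the zonk scan run over a constructed proc table that contains one unused slot whose p_uid still holds the uid of a process that has gone away; the scan is run with and without the unused-slot test so the effect on the count and on signal delivery can be checked. NPROC, NSIG, SRUN and the uids are assumptions; u.u_uid and suser() become parameters, and psignal() is modelled by recording a bit per signal.

```c
/* Added example: a user-space model of the zonk scan, not the kernel code above.
 * NPROC, NSIG, SRUN and the uids are constructed; u.u_uid and suser() become
 * parameters, and psignal() is modelled by recording a bit per signal. */
#include <errno.h>
#define NPROC 8     /* constructed table size */
#define NSIG  32    /* assumed signal count, as in BSD kernels of the era */
#define SRUN  3     /* any non-zero p_stat marks a slot as in use */

struct proc {
	int p_stat;
	int p_uid;
	unsigned p_sigs;    /* bit n set = signal n was delivered to this slot */
};
static struct proc proc[NPROC];
static struct proc *procNPROC = proc + NPROC;

/* Constructed table: two live processes of uid 100, a free slot whose p_uid
 * still reads 100 from a process that has since exited, and one root process. */
static const struct proc initial[NPROC] = {
	{ SRUN, 100, 0 }, { SRUN, 100, 0 }, { 0, 100, 0 }, { SRUN, 0, 0 },
};

void setup_table(void)
{
	for (int i = 0; i < NPROC; i++)
		proc[i] = initial[i];
}

/* Returns the process count, or -errno. check_stat toggles the p_stat test. */
int zonk_model(int caller_uid, int caller_is_su, int uid, int sig, int check_stat)
{
	struct proc *p;
	int count = 0;
	if (uid != caller_uid && !caller_is_su)
		return -EPERM;                 /* suser() would set u.u_error = EPERM */
	if ((uid == 0 && sig) || (unsigned)sig >= NSIG)
		return -EINVAL;                /* the cast also rejects a negative sig */
	for (p = proc; p < procNPROC; p++) {
		if (check_stat && p->p_stat == 0)
			continue;                  /* unused slot: p_uid is stale */
		if (p->p_uid != uid)
			continue;
		if (sig)
			p->p_sigs |= 1u << sig;    /* stands in for psignal(p, sig) */
		count++;
	}
	return count;
}
```

Without the p_stat test the free slot is both counted and "signalled"; with it, only the two live processes are touched.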