On Apr 19, 2005, at 15:29, Dan Bernstein wrote:

> I hope the following is not too off-topic for darwin-dev.

This is the right list.

> It seems to be possible for user A to kill -9 a process whose saved
> set-user-ID is 0 (root) and effective user ID is A's.

Yup. Check 'man 2 kill' for details.

> Is there any way for a process to avoid getting killed like that when
> doing, say, a seteuid(A)-fopen()-seteuid(0) sequence to access a file
> under A's permissions (like pppd does with ~/.ppprc)?

I am not aware of any way to do this. The only issue is permission, which is dictated by the uids of the sending and receiving processes. If they match, the signal is sent. Some signals can be caught or ignored, which may help somewhat, but some cannot be caught or ignored (e.g., SIGKILL). I can't say whether this will change in 10.4, but up through 10.3, this is my understanding of how things work.

Regards,

Justin

--
Justin C. Walker, Curmudgeon-At-Large
Institute for General Semantics
--------
When LuteFisk is outlawed,
Only outlaws will have LuteFisk
--------
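
An added example, not part of the original message and not pppd's code: a C sketch of the seteuid(A)-fopen()-seteuid(0) window discussed above, with every blockable signal held off while the effective uid is lowered, plus a probe showing that the kernel refuses to let SIGKILL be ignored. The names `fopen_as_user` and `can_ignore` are hypothetical, and `/dev/null` is a constructed sample path.

```c
#define _POSIX_C_SOURCE 200809L   /* for seteuid(), sigaction() in strict modes */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: open `path` with the effective uid set to `user`,
 * holding off every blockable signal while the euid is lowered. */
FILE *fopen_as_user(uid_t user, const char *path)
{
    sigset_t all, saved;
    uid_t priv = geteuid();
    FILE *fp = NULL;
    int err;
    sigfillset(&all);          /* the kernel never blocks SIGKILL or SIGSTOP */
    if (sigprocmask(SIG_BLOCK, &all, &saved) != 0)
        return NULL;
    if (seteuid(user) == 0) {
        fp = fopen(path, "r");
        err = errno;
        if (seteuid(priv) != 0)
            abort();           /* could not restore the original euid: stop */
        errno = err;
    }
    err = errno;
    sigprocmask(SIG_SETMASK, &saved, NULL);   /* held signals are delivered here */
    errno = err;
    return fp;
}

/* Returns 1 if the process may ignore `signo`, 0 if the kernel refuses. */
int can_ignore(int signo)
{
    struct sigaction old, ign = {0};
    ign.sa_handler = SIG_IGN;
    sigemptyset(&ign.sa_mask);
    if (sigaction(signo, &ign, &old) != 0)
        return 0;
    sigaction(signo, &old, NULL);             /* put the old disposition back */
    return 1;
}

int main(void)
{
    FILE *fp = fopen_as_user(getuid(), "/dev/null");   /* constructed sample path */
    printf("open=%s TERM=%d KILL=%d\n", fp ? "ok" : "fail", can_ignore(SIGTERM), can_ignore(SIGKILL));
    return fp ? 0 : 1;
}
```

Blocking only defers catchable signals until the original euid is back; a SIGKILL sent during the window still terminates the process, as the reply states.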