From 9844fbc3b57290b4d3439b8e29215db1d0f52ac8 Mon Sep 17 00:00:00 2001
From: Robert Watson <rwatson@FreeBSD.org>
Date: Sat, 15 Sep 2001 22:34:46 +0000
Subject: [PATCH] o Correct authorization check in CANSIGIO(), which suffered
 from incorrect   transcription during the (pcred,ucred) merge; this was not
 used for   the kill() system call, so does not affect direct explicit process
   signalling.

Pointed out by:	fenner
---
 sys/kern/kern_sig.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 233bdbea1eaa..cd5c5ea9a0d2 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -99,13 +99,14 @@ SYSCTL_INT(_kern, KERN_LOGSIGEXIT, logsigexit, CTLFLAG_RW,
 
 /*
  * Policy -- Can ucred cr1 send SIGIO to process cr2?
+ * XXX: should use suser(), p_cansignal().
  */
 #define CANSIGIO(cr1, cr2) \
 	((cr1)->cr_uid == 0 || \
-	    (cr2)->cr_ruid == (cr2)->cr_ruid || \
-	    (cr2)->cr_uid == (cr2)->cr_ruid || \
-	    (cr2)->cr_ruid == (cr2)->cr_uid || \
-	    (cr2)->cr_uid == (cr2)->cr_uid)
+	    (cr1)->cr_ruid == (cr2)->cr_ruid || \
+	    (cr1)->cr_uid == (cr2)->cr_ruid || \
+	    (cr1)->cr_ruid == (cr2)->cr_uid || \
+	    (cr1)->cr_uid == (cr2)->cr_uid)
 
 int sugid_coredump;
 SYSCTL_INT(_kern, OID_AUTO, sugid_coredump, CTLFLAG_RW,