Subject: Re: sigreturn security checks
To: Nathan J. Williams <nathanw@wasabisystems.com>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: port-mips
Date: 04/12/2002 08:38:09

> The MIPS struct sigcontext does not appear to have such dangerous
> state, with the possible exception of sc_fpc_eir, but that is neither
> saved by sendsig() nor restored by sigreturn(). Thus, MIPS doesn't
> need special checks.

In the Linux version of sigreturn, I saved and restored SR, CAUSE and
BADVADDR (because those fields exist in the sigcontext structure). We
do not handle them in NetBSD, hence I now suspect this introduces
security holes: is it safe to let the process modify the saved SR?

-- 
Emmanuel Dreyfus.  
JavaScript is encapsulated in HTML, which was already encapsulating
quite a lot of other crap like that.
manu@netbsd.org