Subject: Re: FPU and signal delivery
To: Stephen Ma <stephenm@employees.org>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: port-mips
Date: 04/12/2002 18:28:43
> Emmanuel> In the Linux version of sigreturn, I saved and restored SR,
> Emmanuel> CAUSE and BADVADDR (because those fields exist in the
> Emmanuel> sigcontext structure). We do not handle them in NetBSD,
> Emmanuel> hence I now suspect this introduces security holes: is it
> Emmanuel> safe to let the process modify the saved SR?
> 
> The CAUSE and BADVADDR registers are not restored on return to
> user-mode, so saving those registers is mostly harmless. SR should not
> be modifiable from user-mode code, since that's the register that
> controls whether the system is in user-mode or kernel mode.

Hence I should check in linux_sys_sigreturn that MIPS3_SR_SX and
MIPS3_SR_KX are not set in the saved SR. 

Maybe I need to check the interrupt mask (to make sure the process cannot
disable interrupts and hence hang the machine)?

Is there anything else I should check? Or should I just avoid restoring
SR in sigreturn? Is there any information the user process could change
in SR?

-- 
Emmanuel Dreyfus.   
It is not enough to shout "iMac, iMac!" while leaping about like a young goat...
manu@netbsd.org
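The SR check discussed in the mail, written out as an added C example (it is not NetBSD's code and not part of this thread): MIPS3_SR_KX and MIPS3_SR_SX are the names used above, the other bit names and all the values are assumptions following the architectural MIPS Status register layout and are defined inline. It generalises the question slightly: instead of testing KX and SX alone, it reports every bit outside a small user-changeable set that differs from the kernel's own saved SR, and also shows the "just avoid restoring SR" alternative as a merge that can only ever change whitelisted bits.

```c
#include <stdint.h>
#include <stdio.h>

/* MIPS R4000-class Status register (CP0 SR) bits. The two names the mail
 * uses (MIPS3_SR_KX, MIPS3_SR_SX) follow NetBSD's spelling; the values are
 * the architectural bit positions, defined here so the example builds alone. */
#define MIPS_SR_INT_IE     0x00000001u  /* IE: global interrupt enable */
#define MIPS_SR_EXL        0x00000002u  /* EXL: exception level */
#define MIPS_SR_ERL        0x00000004u  /* ERL: error level */
#define MIPS3_SR_KSU_MASK  0x00000018u  /* KSU: kernel/supervisor/user mode */
#define MIPS3_SR_KSU_USER  0x00000010u
#define MIPS3_SR_SX        0x00000040u  /* 64-bit supervisor addressing */
#define MIPS3_SR_KX        0x00000080u  /* 64-bit kernel addressing */
#define MIPS_SR_INT_MASK   0x0000ff00u  /* IM0..IM7: per-line interrupt mask */
#define MIPS_SR_COP_1_BIT  0x20000000u  /* CU1: coprocessor 1 (FPU) usable */

/* The only SR bit a sigreturn path should honour from a user-supplied
 * sigcontext (example policy): whether the FPU is marked usable. Privilege
 * level, addressing mode and interrupt state are kernel policy and must
 * come from the kernel's own saved SR, never from the signal frame. */
#define SR_USER_CHANGEABLE  MIPS_SR_COP_1_BIT

/* Every bit the frame tries to change outside the whitelist. Zero means
 * the frame asks for nothing it may not have; a non-zero result names the
 * offending bits (KX/SX, KSU, EXL/ERL, IE, IM...) so the kernel can reject
 * the frame and log what was attempted. */
uint32_t sr_disallowed_changes(uint32_t kernel_sr, uint32_t user_sr)
{
    return (kernel_sr ^ user_sr) & ~SR_USER_CHANGEABLE;
}

/* The "don't restore SR" option from the mail, made precise: keep the
 * kernel's SR and merge in only the whitelisted bits, so a hostile frame
 * can never raise privilege or mask interrupts even if nobody rejects it. */
uint32_t sr_merge_from_user(uint32_t kernel_sr, uint32_t user_sr)
{
    return (kernel_sr & ~SR_USER_CHANGEABLE) | (user_sr & SR_USER_CHANGEABLE);
}

int main(void)
{
    /* Constructed sample: SR the kernel saved on entry for a user-mode thread. */
    uint32_t kernel_sr = MIPS3_SR_KSU_USER | MIPS_SR_INT_IE | MIPS_SR_INT_MASK | MIPS_SR_COP_1_BIT;
    /* Constructed frame asking for 64-bit kernel addressing with interrupts off. */
    uint32_t bad_frame = (kernel_sr | MIPS3_SR_KX) & ~MIPS_SR_INT_IE;
    printf("disallowed bits: 0x%08x\n", sr_disallowed_changes(kernel_sr, bad_frame));
    printf("merged SR:       0x%08x\n", sr_merge_from_user(kernel_sr, bad_frame));
    return 0;
}
```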