--- linux-2.6.22/fs/exec.c.pdeathsig 2007-07-09 03:32:17.000000000 +0400
+++ linux-2.6.22/fs/exec.c 2007-08-17 18:01:27.000000000 +0400
@@ -896,6 +896,16 @@
 suid_keys(current);
 current->mm->dumpable = suid_dumpable;
 }
+ /*
+ * Clear out pdeath_signal for setuid executables.
+ * This fixes a bug where general kill() permission checks
+ * can be effectively bypassed by abusing setuid executables.
+ * Note, we don't do that for setgid executables, since kill()
+ * permission checking routine checks only EUID/UID to UID/SUID
+ * matching, so setgid processes can be killed in a usual way.
+ */
+ if (bprm->e_uid != current->euid)
+ current->pdeath_signal = 0;
 /* An exec changes our domain. We are no longer part of the thread group */
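Review bot: The added `if (bprm->e_uid != current->euid)` guard, and the comment's argument that kill() only compares EUID/UID against UID/SUID, leave a residual gap: the parent-death signal is delivered by the reparenting path without going through the kill permission routine at all, and that routine (if I recall this tree correctly) also ends in the LSM hook security_task_kill(), so an exec that changes only the gid or only the security domain still receives an unchecked signal set up by the unprivileged pre-exec image. The simpler and more robust placement is to clear the field wherever this function already treats the exec as a privilege boundary: move `current->pdeath_signal = 0;` into the block just above, next to `suid_keys(current);`, whose condition presumably already covers the gid change as well, and reduce the comment to why the clear is needed. That also avoids keeping a second, slightly different uid comparison (`euid` here versus whatever the enclosing block tests) that can drift from the first. The enclosing function starts and ends outside the hunk.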