Re: /sbin/reboot and secmodel

To: Elad Efrat <elad%NetBSD.org@localhost>
Subject: Re: /sbin/reboot and secmodel
From: "Steven M. Bellovin" <smb%cs.columbia.edu@localhost>
Date: Mon, 17 Mar 2008 13:40:26 +0000

On Mon, 17 Mar 2008 13:38:39 +0200
Elad Efrat <elad%NetBSD.org@localhost> wrote:

> That one's a bit tricky. The reboot program tries to "gracefully"
> reboot the system by doing some things it believes it's doing as
> root. Since at the moment the KAUTH_SYSTEM_REBOOT action applies only
> to the very reboot(2) syscall, it "breaks" somewhere in the middle
> when trying to stop init (and later on signal all other processes).
> 
> While it may be possible to solve it with a lot of special casing, I
> wonder if we shouldn't just move a lot of that logic to the kernel,
> and add a RB_GRACEFUL to reboot(2), telling it "do all the things you
> used to do in userland".
> 
> Is anyone seeing possible problems taking this route? any other ideas
> on how to address this?
> 
What occurs to me is to use secmodel to restrict or grant access to the
user-level program that does the shutdown -- that would avoid moving
too much goo to the kernel.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Follow-Ups:
- Re: /sbin/reboot and secmodel
  - From: Elad Efrat

References:
- /sbin/reboot and secmodel
  - From: Emmanuel Vadot
- Re: /sbin/reboot and secmodel
  - From: Elad Efrat

Prev by Date: Re: /sbin/reboot and secmodel
Next by Date: Re: /sbin/reboot and secmodel
Previous by Thread: Re: /sbin/reboot and secmodel
Next by Thread: Re: /sbin/reboot and secmodel
Indexes:

Home | Main Index | Thread Index | Old Index