tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: /sbin/reboot and secmodel

> I'm wondering if there's a way we can "encapsulate" the entire reboot
> process, such that a user can initiate it -- but not interfere with
> it.

sudo?  Between the restrictions on a nonprivileged user meddling with
another user's process and reboot(8) ignoring tty-generated signals,
there isn't much the user can do once reboot gets far enough to ignroe
signals.  (It probably should ignore more signals, though; I'm not sure
SIGTTOU can't be abused to stop it partway.)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML     
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Home | Main Index | Thread Index | Old Index