tech-kern archive


Re: /sbin/reboot and secmodel



der Mouse wrote:
I'm wondering if there's a way we can "encapsulate" the entire reboot
process, such that a user can initiate it -- but not interfere with
it.

sudo?  Between the restrictions on a nonprivileged user meddling with
another user's process and reboot(8) ignoring tty-generated signals,
there isn't much the user can do once reboot gets far enough to ignore
signals.  (It probably should ignore more signals, though; I'm not sure
SIGTTOU can't be abused to stop it partway.)

Is sudo even an option in our context? also, do we want to tell people
"...and you have to use this 3rd-party tool, too, to make your secmodel
work"? :)

-e.

