Christoph Badura wrote:
So, assuming that we would want to change our policy of signalling init(8) to be overridable by a different secmodel, why not just implement that? I.e. change secmodel_bsd44 to return KAUTH_RESULT_DEFER when a process tries to signal pid 1. Then Emmanuel can create a secmodel that authorizes specific users to do that by returning KAUTH_RESULT_ALLOW.
That's only part of the problem: reboot signals init, but then also signals (supposedly) all processes on the system with SIGTERM and SIGKILL to have them exit, too. While the reboot program will silently ignore the EPERMs, we'll only be pretending to have reboot working as it should. :) -e.
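As an added illustration (not code from the thread or from NetBSD), a userland model of the two listeners and of kauth's result combination, showing that the per-user secmodel authorizes the kill of pid 1 while reboot's kills of every other process still get EPERM; the listener bodies, REBOOT_UID and the simplified same-uid rule are assumptions made for the illustration.

```c
/* Userland model of how kauth(9) combines listener answers for a
 * KAUTH_PROCESS_SIGNAL request.  Added illustration, not NetBSD kernel code:
 * the two listeners are toy versions of the models discussed in the thread. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
enum { RESULT_ALLOW, RESULT_DENY, RESULT_DEFER };
#define SIGTERM_NO 15
#define SIGKILL_NO 9
#define REBOOT_UID 1001u        /* hypothetical user allowed to signal init */
struct cred { unsigned uid; };               /* toy credential */
struct proc { int pid; unsigned uid; };      /* toy target process */
typedef int (*listener_t)(const struct cred *, const struct proc *, int);
/* secmodel_bsd44 after the proposed change: root may signal anything, pid 1
 * is deferred to other models, same-uid targets allowed (simplified), rest denied. */
static int bsd44_listener(const struct cred *c, const struct proc *p, int sig) {
    (void)sig;
    if (c->uid == 0) return RESULT_ALLOW;
    if (p->pid == 1) return RESULT_DEFER;
    return (c->uid == p->uid) ? RESULT_ALLOW : RESULT_DENY;
}
/* The proposed extra secmodel: REBOOT_UID may signal init, no opinion otherwise. */
static int reboot_user_listener(const struct cred *c, const struct proc *p, int sig) {
    (void)sig;
    return (c->uid == REBOOT_UID && p->pid == 1) ? RESULT_ALLOW : RESULT_DEFER;
}
/* kauth_authorize_action()-style combination: any DENY -> EPERM, otherwise
 * any ALLOW -> 0, and if every listener defers the request is denied. */
static int authorize_signal(const struct cred *c, const struct proc *p, int sig) {
    listener_t listeners[] = { bsd44_listener, reboot_user_listener };
    bool allow = false, deny = false;
    for (size_t i = 0; i < sizeof listeners / sizeof *listeners; i++) {
        int r = listeners[i](c, p, sig);
        if (r == RESULT_ALLOW) allow = true;
        else if (r == RESULT_DENY) deny = true;
    }
    return (allow && !deny) ? 0 : EPERM;
}
/* reboot(8) as described in the thread: signal init, then SIGTERM and SIGKILL
 * every other process.  Returns how many of those kills would get EPERM. */
static int simulate_reboot(const struct cred *c, const struct proc *others, size_t n) {
    const struct proc init = { 1, 0 };
    int failures = authorize_signal(c, &init, SIGTERM_NO) != 0;
    for (size_t i = 0; i < n; i++) {
        failures += authorize_signal(c, &others[i], SIGTERM_NO) != 0;
        failures += authorize_signal(c, &others[i], SIGKILL_NO) != 0;
    }
    return failures;
}
```

With two root-owned daemons besides init, the REBOOT_UID user gets pid 1 authorized but four EPERMs for the remaining kills, which is the gap the reply points out.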