tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: /sbin/reboot and secmodel

Christoph Badura wrote:
So, assuming that we would want to change our policy of signalling init(8)
to be overridable by different secmodel, why not just implement that?
I.e. change secmodel_bsd44 to return KAUTH_RESULT_DEFER when a process
tries to signal pid 1.

Then Emmanuel can create a secmodel that authorizes specific users to do
that by returing KAUTH_RESULT_ALLOW.

Wow, I launch a big discuss here :)
To be clear with everyone, what I'm doing right now it's just pleasure and for testing the secmodel under NetBSD-4.0, just that. I'm new in coding in kernelland and I wanted to code a dynamic secmodel with a userland program to modify "rules" which apply under the bsd44 secmodel. I thought it was a good start cause it involves a lot of thing (secmodel, pseudo-device and ioctl for the dialog). I triggerded some bugs and talk to elad@ to find out what is the best way to doing something. So the question is not how I will doing some thing like reboot, is how thing have to be in the kernel I think. For those who want my code I think I'm gonna be able to release it at the end of the week.
I think secmodel is really a big improvment in the unix point of view.
I would kill someone to have an httpd (for exemple) which to not do a setgid(xxx) and setuid(xxx) just to run as user xxx and capable of bind the port 80 :) .
The possibility are infinite with this kind of design.
Just my two cents ....

Home | Main Index | Thread Index | Old Index