tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: /sbin/reboot and secmodel



Christos Zoulas wrote:
On Mar 17, 11:36pm, elad%NetBSD.org@localhost (Elad Efrat) wrote:
-- Subject: Re: /sbin/reboot and secmodel

| Christos Zoulas wrote:
| | > Kill is already special-cased on pid == 1... Perhaps we can add the
| > kauth glue for reboot (permission check) there too?
| | How (and where) is kill special-cased on pid == 1?

kern_sig.c:

In killpg1() for example:

                        if (p->p_pid <= 1 || p->p_flag & PK_SYSTEM || p == cp)
                                continue;
...
                        if (p->p_pid <= 1 || p->p_flag & PK_SYSTEM)
                                continue;

Or in issignal():
                        /*
                         * Don't take default actions on system processes.
                         */
                        if (p->p_pid <= 1) {
#ifdef DIAGNOSTIC
                                /*
                                 * Are you sure you want to ignore SIGSEGV
                                 * in init? XXX
                                 */

...no? :)

                                printf_nolog("Process (pid %d) got sig %d\n",
                                    p->p_pid, signo);
#endif
                                continue;
                        }

(we'll have to revisit these special-cases sometime; some of them used
to compare with initproc, and some of them were moved into
secmodel_bsd44's code...

Alright -- can you elaborate on what kind of kauth glue you want to add
there?

-e.


Home | Main Index | Thread Index | Old Index