tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: /sbin/reboot and secmodel



>>> Assuming you could do that, how would you make sure that a user
>>> granted the ability to reboot the system does not take advantage of
>>> this ability to let the reboot program kill some processes, and
>>> then SIGKILL it?
>> Exactly.  That's the weakness I see (Brian too, apparently).
> I don't see why this isn't solved by moving this work to init (not
> the kernel, please).

In this particular instance, it is.  But this is not going to be the
last time some multi-part privileged task causes trouble because
granting the privilege to perform its parts is far more than should be
granted to perform the conceptual task, and eventually one of them will
be impractically difficult to solve by pushing the whole task into some
already-existing privileged process.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse%rodents.montreal.qc.ca@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


Home | Main Index | Thread Index | Old Index