tech-kern archive


Re: /sbin/reboot and secmodel



>>> Assuming you could do that, how would you make sure that a user
>>> granted the ability to reboot the system does not take advantage of
>>> this ability to let the reboot program kill some processes, and
>>> then SIGKILL it?
>> Exactly.  That's the weakness I see (Brian too, apparently).
> I don't see why this isn't solved by moving this work to init (not
> the kernel, please).

In this particular instance, it is.  But this is not going to be the
last time some multi-part privileged task causes trouble because
granting the privilege to perform its parts is far more than should be
granted to perform the conceptual task, and eventually one of them will
be impractically difficult to solve by pushing the whole task into some
already-existing privileged process.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse%rodents.montreal.qc.ca@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

