tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: /sbin/reboot and secmodel

>> Traditional set-ID bits solve this as a side effect of the "you
>> can't kill(2) processes that aren't yours" restriction; I'm not sure
>> what should replace that.
> Perhaps I am missing something, but looking at [restrictions on
> kill(2)]

> So, for example, I don't see how a setgid program would be protected
> against taking a signal if the same user is running it and sending
> the signal.


> Testing this, I [find it works as it appears to]

(a) I'm..rather surprised by this.  Thanks for the reality check.

(b) The whole discussion is a tempest in a teapot, since the risk we've
been worrying about has been there all along and the world hasn't caved
in, so I see nothing wrong with leaving it there at least for now.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML     
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Home | Main Index | Thread Index | Old Index