[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: /sbin/reboot and secmodel
>> Traditional set-ID bits solve this as a side effect of the "you
>> can't kill(2) processes that aren't yours" restriction; I'm not sure
>> what should replace that.
> Perhaps I am missing something, but looking at [restrictions on
> So, for example, I don't see how a setgid program would be protected
> against taking a signal if the same user is running it and sending
> the signal.
> Testing this, I [find it works as it appears to]
(a) I'm..rather surprised by this. Thanks for the reality check.
(b) The whole discussion is a tempest in a teapot, since the risk we've
been worrying about has been there all along and the world hasn't caved
in, so I see nothing wrong with leaving it there at least for now.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents.montreal.qc.ca@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Main Index |
Thread Index |