[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: /sbin/reboot and secmodel
>> (a) I'm not sure this is a real problem. Rebooting the system
>> *does* involve killing all processes, so I'm not sure "leveraging"
>> is a fair term to use here.
> I think the concern is being clever about the killing and killing
> only a handful of the processes. i.e. enough to have an impact but
> not necessarily so many as to have the visibility that a real reboot
Then stop worrying.
reboot(8) does not kill individual processes; it uses the "send this
signal to the world" facility of kill(-1,...). It either sends the
signal to everyone (if you nuke it after that) or nobody (if before);
there is no partway-through. (Or, rather, if there is, there's a bug
in the implementation of kill(-1,...).)
>> [...] - basically, the same reason you traditionally can't kill(2) a
>> set-ID process you started. [...]
> Yeah, that is one good consequence of set-ID.
Except it isn't, as someone (Elad, I think) pointed out upthread; I was
wrong in thinking it was. (I'm not sure whether I think this is
something that should change or not.)
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents.montreal.qc.ca@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Main Index |
Thread Index |