Subject: Re: protecting processes
To: None <tech-security@netbsd.org>
From: Christos Zoulas <christos@zoulas.com>
List: tech-security
Date: 07/11/1999 22:13:17
In article <199907110925.TAA13225@avalon.reed.wattle.id.au>,
Darren Reed <darrenr@reed.wattle.id.au> wrote:
>
>An interesting idea raised elsewhere was that of protecting process's
>from external influences (such as signals) for some given security
>level. Quickly thinking on this, what I think would work was having
>a sysctl flag, which was a set-only for securelevel >= 0, that allowed
>proceses to block/ignore/handle SIGKILL and SIGSTOP in addition to the
>normal cast of signals. Also, being able to protect select processes,
>in general, from ptrace() might be useful.
>
>Comments ?
In the end what you really want is a capability based system...
christos