/sbin/reboot and secmodel

To: tech-kern%netbsd.org@localhost
Subject: /sbin/reboot and secmodel
From: Emmanuel Vadot <manu%bistoufly.org@localhost>
Date: Mon, 17 Mar 2008 12:07:25 +0100

Hello all,

After playing a little bit with secmodel, I've tried to authorized auser with a specific uid to reboot the system.

It didn't work as I expected and the secmodel callback isn't called at all.

After looking the code of reboot and talking about this with elad@, Isee that two things just allow the root user to call /sbin/reboot :


  128          if (geteuid())
  129                  errx(1, "%s", strerror(EPERM));

and

  188          if (kill(1, SIGTSTP) == -1)
  189                  err(1, "SIGTSTP init");

I think that the check of the uid can be removed since we trust thesecmodel.But for the signal SIGTSTP send to the init, I don't know, and honestlyI don't know what init does catching this signal :)


--
Manu

Follow-Ups:
- Re: /sbin/reboot and secmodel
  - From: der Mouse
- Re: /sbin/reboot and secmodel
  - From: Elad Efrat

Prev by Date: Re: linux_sg.c modification for SCSI Test Unit Ready command
Next by Date: Re: /sbin/reboot and secmodel
Previous by Thread: linux_sg.c modification for SCSI Test Unit Ready command
Next by Thread: Re: /sbin/reboot and secmodel
Indexes:

Home | Main Index | Thread Index | Old Index