tech-kern archive
Re: /sbin/reboot and secmodel
Steven M. Bellovin wrote:
> What occurs to me is to use secmodel to restrict or grant access to the
> user-level program that does the shutdown -- that would avoid moving
> too much goo to the kernel.
One thing that bothers me with granting access to the program is a
scenario where someone with privilege to reboot is trying to leverage
that privilege to kill arbitrary (or, given the way the killing is done,
specific) processes -- and stopping the program right before reboot(2)
is called.
As long as these phases of the reboot process are done in userland, I
think "reboot" implies "arbitrary process killing". Not sure how
much of a *real* issue that is :) but it's there.
Another thing to remember is that the secmodel in question works on
authorizing specific users -- not programs -- to have special privilege,
so it's up to Emmanuel to decide whether that solution would work
for his needs or not.
-e.