tech-kern archive


Re: /sbin/reboot and secmodel



Brian Buhrow wrote:
>         Hello.  This may miss the point entirely, but don't you do this by
> setting the group execute bit on shutdown(8) only, and putting the users
> you want to have access to this utility in the appropriate group?
>         Or, are you trying to eliminate set[GU]id programs entirely from the
> system?

Not shutdown(8), as it can be used to do other things, but maybe
reboot(8). Anyway, I'd like to be able to implement this as a secmodel
policy rather than rely on sugid bits. (which, eventually, I'd like to
get rid of, yes ;)

> If that's the case, I'm with smb, change the SEC model to allow access to
> certain system calls by certain uids, or whatever criteria the sec model
> can use, but make the sec model a gate keeper for the system calls.

The secmodel already does that. If you'd call reboot(2) directly, you'd
be granted access to reboot the system (verified). The problem is with
"graceful" rebooting, where reboot(8) is first trying to send a SIGTERM
to all processes, etc.

-e.
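The distinction in the reply above (reboot(2) itself can be granted by policy, but the "graceful" phase of reboot(8) depends on being able to signal every process) is easy to model. The following is an added example, not code from this thread, from reboot(8) or from NetBSD's secmodel code. It assumes the classic BSD permission rule for kill(2) (the superuser may signal anything; otherwise the sender's real or effective uid must equal the target's real or saved uid), assumes that kill(-1, sig) skips pid 1 and the caller and only fails with ESRCH when it reaches nothing, and runs over a constructed process table. The function names are the example's own.

```c
/*
 * Added example; not code from the thread, from reboot(8) or from NetBSD's
 * secmodel.  It models the point made in the reply above: a policy can let a
 * non-root uid call reboot(2), but the "graceful" path of reboot(8) starts
 * with kill(-1, SIGTERM), and that call is limited by the signal permission
 * check, not by the reboot policy.
 *
 * Assumptions (not stated on the page):
 *  - classic BSD kill(2) permission rule: the superuser may signal any
 *    process; otherwise the sender's real or effective uid must equal the
 *    target's real or saved uid;
 *  - kill(-1, sig) skips pid 1 and the caller, and fails with ESRCH only when
 *    it reaches no process at all.
 * The process table below is constructed for the demonstration.
 */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

struct cred { uid_t ruid, euid, svuid; };
struct proc { pid_t pid; struct cred cr; const char *comm; };

/* Constructed sample process table; pid 401 is the caller (reboot(8)). */
static const struct proc table[] = {
    {   1, { 0, 0, 0 },          "init"    },
    { 100, { 0, 0, 0 },          "syslogd" },
    { 200, { 0, 0, 0 },          "sshd"    },
    { 300, { 33, 33, 33 },       "httpd"   },
    { 400, { 1000, 1000, 1000 }, "ksh"     },
    { 401, { 1000, 1000, 1000 }, "reboot"  },
};
#define NPROC (sizeof(table) / sizeof(table[0]))
#define SELF_PID 401

/* Assumed BSD-style permission check for delivering a signal. */
int can_signal(const struct cred *s, const struct cred *t)
{
    if (s->euid == 0)
        return 1;
    return s->ruid == t->ruid || s->ruid == t->svuid ||
           s->euid == t->ruid || s->euid == t->svuid;
}

/*
 * Simulate kill(-1, SIGTERM) issued by `sender` from pid `self`.  Returns the
 * number of processes the signal reaches, or -1 with *err = ESRCH when it
 * reaches none (the outcome the caller of kill(2) would observe).
 */
int kill_all_reach(const struct cred *sender, pid_t self,
                   const struct proc *tbl, size_t n, int *err)
{
    int nfound = 0;
    for (size_t i = 0; i < n; i++) {
        if (tbl[i].pid == 1 || tbl[i].pid == self)
            continue;
        if (can_signal(sender, &tbl[i].cr))
            nfound++;
    }
    *err = nfound ? 0 : ESRCH;
    return nfound ? nfound : -1;
}

/* Processes reached by kill(-1, SIGTERM) from the sample caller when it
 * runs as `uid` (real, effective and saved uid all equal). */
int demo_reach(uid_t uid)
{
    struct cred c = { uid, uid, uid };
    int err;
    return kill_all_reach(&c, SELF_PID, table, NPROC, &err);
}

/* 1 if every process other than init and the caller would get SIGTERM,
 * i.e. the "graceful" phase of the reboot is actually complete. */
int graceful_complete(uid_t uid)
{
    return demo_reach(uid) == (int)NPROC - 2;
}

int main(void)
{
    uid_t uids[] = { 0, 1000 };
    for (size_t u = 0; u < 2; u++) {
        struct cred c = { uids[u], uids[u], uids[u] };
        printf("caller uid %u: kill(-1, SIGTERM) reaches", (unsigned)uids[u]);
        for (size_t i = 0; i < NPROC; i++) {
            if (table[i].pid == 1 || table[i].pid == SELF_PID)
                continue;
            if (can_signal(&c, &table[i].cr))
                printf(" %s(%d)", table[i].comm, (int)table[i].pid);
        }
        printf("; graceful phase %s\n",
               graceful_complete(uids[u]) ? "complete" : "INCOMPLETE");
    }
    return 0;
}
```

Run as is, the root caller reaches every other process, while the uid 1000 caller only reaches its own shell: root-owned daemons and the www-owned httpd never see the SIGTERM, so a policy that merely grants reboot(2) to uid 1000 yields an ungraceful reboot unless the signal-delivery decision is also delegated to the secmodel.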

