Re: /sbin/reboot and secmodel

To: tech-kern%NetBSD.org@localhost
Subject: Re: /sbin/reboot and secmodel
From: der Mouse <mouse%Rodents.Montreal.QC.CA@localhost>
Date: Mon, 17 Mar 2008 16:49:50 -0400 (EDT)

> I'm wondering if there's a way we can "encapsulate" the entire reboot
> process, such that a user can initiate it -- but not interfere with
> it.

sudo?  Between the restrictions on a nonprivileged user meddling with
another user's process and reboot(8) ignoring tty-generated signals,
there isn't much the user can do once reboot gets far enough to ignroe
signals.  (It probably should ignore more signals, though; I'm not sure
SIGTTOU can't be abused to stop it partway.)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse%rodents.montreal.qc.ca@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Follow-Ups:
- Re: /sbin/reboot and secmodel
  - From: Elad Efrat

References:
- Re: /sbin/reboot and secmodel
  - From: Elad Efrat
- Re: /sbin/reboot and secmodel
  - From: Matthew Mondor
- Re: /sbin/reboot and secmodel
  - From: Elad Efrat

Prev by Date: Re: /sbin/reboot and secmodel
Next by Date: Re: /sbin/reboot and secmodel
Previous by Thread: Re: /sbin/reboot and secmodel
Next by Thread: Re: /sbin/reboot and secmodel
Indexes:

Home | Main Index | Thread Index | Old Index