tech-kern archive


Re: /sbin/reboot and secmodel



On Tue, Mar 18, 2008 at 01:10:30AM +0200, Elad Efrat wrote:
> Christoph Badura wrote:
> >So, assuming that we would want to change our policy of signalling init(8)
> >to be overridable by different secmodel, why not just implement that?
> >I.e. change secmodel_bsd44 to return KAUTH_RESULT_DEFER when a process
> >tries to signal pid 1.

> That's only part of the problem: reboot signals init, but then also
> signals to (supposedly) all processes on the system with SIGTERM and
> SIGKILL to have them exit, too. While the reboot program will silently
> ignore the EPERMs, we'll only be pretending to have reboot working as
> it should. :)

Same difference.

The point is really that if we want to allow security models to authorize
actions that would normally be forbidden by the "standard" secmodels, then the
secmodels have to return KAUTH_RESULT_DEFER instead of KAUTH_RESULT_DENY
when they want to signal that they disallow an action by default.

--chris
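The DENY-versus-DEFER distinction Christoph describes is easiest to see with the listener verdicts aggregated side by side. The following is an added, user-space model written for this archive page; it is not NetBSD kernel code and not from either poster. It keeps the three kauth(9) verdict names, stands in a hypothetical `struct cred`/`struct sigreq` for the real credential and the process-scope signal arguments, and uses a hypothetical second secmodel (`shutdown_model`) that wants to let uid 0 signal pid 1. The aggregation rule in `authorize()` (any DENY wins, otherwise at least one ALLOW is needed, all-DEFER fails closed) is an assumption modelled on how `kauth_authorize_action()` combines listener results, so check it against your kernel's kern_auth.c before relying on the exact edge cases.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>

/* The three listener verdicts of kauth(9). */
enum result { RESULT_ALLOW, RESULT_DENY, RESULT_DEFER };

struct cred { unsigned euid; };                /* hypothetical stand-in for kauth_cred_t */
struct sigreq { int target_pid; int signo; };  /* hypothetical stand-in for the process-scope args */

typedef enum result (*listener_t)(const struct cred *, const struct sigreq *);

#define MAX_LISTENERS 4
static listener_t listeners[MAX_LISTENERS];
static int nlisteners;

static void reset_listeners(void) { nlisteners = 0; }
static void register_listener(listener_t l)
{
    if (nlisteners < MAX_LISTENERS)
        listeners[nlisteners++] = l;
}

/* Current bsd44-style behaviour as described in the thread: refuse signals to pid 1.
 * A DENY is final; no other secmodel can override it. */
static enum result bsd44_deny_init(const struct cred *c, const struct sigreq *r)
{
    (void)c;
    return r->target_pid == 1 ? RESULT_DENY : RESULT_ALLOW;
}

/* The change proposed in the thread: bsd44 has no opinion on pid 1 and defers,
 * so another secmodel may ALLOW it, while with nobody allowing it still fails. */
static enum result bsd44_defer_init(const struct cred *c, const struct sigreq *r)
{
    (void)c;
    return r->target_pid == 1 ? RESULT_DEFER : RESULT_ALLOW;
}

/* Hypothetical extra secmodel: lets euid 0 signal init, defers on everything else. */
#define SHUTDOWN_UID 0u
static enum result shutdown_model(const struct cred *c, const struct sigreq *r)
{
    if (r->target_pid == 1 && c->euid == SHUTDOWN_UID)
        return RESULT_ALLOW;
    return RESULT_DEFER;
}

/* Assumed aggregation rule (modelled on kauth_authorize_action):
 * any DENY -> EPERM; otherwise at least one ALLOW -> 0; all DEFER -> EPERM. */
static int authorize(const struct cred *c, const struct sigreq *r)
{
    int allow = 0, deny = 0;
    for (int i = 0; i < nlisteners; i++) {
        switch (listeners[i](c, r)) {
        case RESULT_ALLOW: allow = 1; break;
        case RESULT_DENY:  deny = 1;  break;
        case RESULT_DEFER: break;
        }
    }
    if (deny)
        return EPERM;
    return allow ? 0 : EPERM;
}

/* Scenario: root sends SIGTERM to init with the old DENY-returning bsd44. */
int kill_init_with_deny_model(void)
{
    struct cred root = { 0 };
    struct sigreq req = { 1, SIGTERM };
    reset_listeners();
    register_listener(bsd44_deny_init);
    register_listener(shutdown_model);
    return authorize(&root, &req);          /* EPERM: the override cannot win */
}

/* Same request with bsd44 returning DEFER on pid 1. */
int kill_init_with_defer_model(void)
{
    struct cred root = { 0 };
    struct sigreq req = { 1, SIGTERM };
    reset_listeners();
    register_listener(bsd44_defer_init);
    register_listener(shutdown_model);
    return authorize(&root, &req);          /* 0: the shutdown model's ALLOW counts */
}

/* DEFER is not a silent ALLOW: an unprivileged user with the same listeners is still refused. */
int kill_init_unprivileged_defer(void)
{
    struct cred user = { 1000 };
    struct sigreq req = { 1, SIGTERM };
    reset_listeners();
    register_listener(bsd44_defer_init);
    register_listener(shutdown_model);
    return authorize(&user, &req);          /* EPERM: everyone deferred */
}

int main(void)
{
    printf("deny model, root -> init:     %d\n", kill_init_with_deny_model());
    printf("defer model, root -> init:    %d\n", kill_init_with_defer_model());
    printf("defer model, uid1000 -> init: %d\n", kill_init_unprivileged_defer());
    return 0;
}
```

In a real secmodel the equivalent listener is registered on the process scope (`kauth_listen_scope(KAUTH_SCOPE_PROCESS, ...)`) and the case in question is the `KAUTH_PROCESS_SIGNAL` action; the shape of the decision is the same: return DENY only for a refusal that must not be overridable, DEFER for "not my call", and rely on the aggregate failing closed when nobody allows.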

