"Perry E. Metzger" <perry@piermont.com> writes:

> christos@zoulas.com (Christos Zoulas) writes:
> > In article <199907110925.TAA13225@avalon.reed.wattle.id.au>,
> > Darren Reed <darrenr@reed.wattle.id.au> wrote:
> > >
> > >An interesting idea raised elsewhere was that of protecting process's
> > >from external influences (such as signals) for some given security
> > >level.  Quickly thinking on this, what I think would work was having
> > >a sysctl flag, which was a set-only for securelevel >= 0, that allowed
> > >proceses to block/ignore/handle SIGKILL and SIGSTOP in addition to the
> > >normal cast of signals.  Also, being able to protect select processes,
> > >in general, from ptrace() might be useful.
> > >
> > >Comments ?
> > 
> > In the end what you really want is a capability based system... 
> 
> Certainly adding five thousand little hacks isn't as good as coming up 
> with a more generic mechanism, yes.

What's wrong with an exec-immutable bit :)