Re: /sbin/reboot and secmodel

To: Christoph Badura <bad%bsd.de@localhost>
Subject: Re: /sbin/reboot and secmodel
From: Emmanuel Vadot <manu%bistoufly.org@localhost>
Date: Tue, 18 Mar 2008 00:18:42 +0100

Christoph Badura wrote:

So, assuming that we would want to change our policy of signalling init(8)
to be overridable by different secmodel, why not just implement that?
I.e. change secmodel_bsd44 to return KAUTH_RESULT_DEFER when a process
tries to signal pid 1.

Then Emmanuel can create a secmodel that authorizes specific users to do
that by returing KAUTH_RESULT_ALLOW.

--chris

Wow, I launch a big discuss here :)

To be clear with everyone, what I'm doing right now it's just pleasureand for testing the secmodel under NetBSD-4.0, just that.I'm new in coding in kernelland and I wanted to code a dynamic secmodelwith a userland program to modify "rules" which apply under the bsd44secmodel.I thought it was a good start cause it involves a lot of thing(secmodel, pseudo-device and ioctl for the dialog).I triggerded some bugs and talk to elad@ to find out what is the bestway to doing something.So the question is not how I will doing some thing like reboot, is howthing have to be in the kernel I think.For those who want my code I think I'm gonna be able to release it atthe end of the week.

I think secmodel is really a big improvment in the unix point of view.

I would kill someone to have an httpd (for exemple) which to not do asetgid(xxx) and setuid(xxx) just to run as user xxx and capable of bindthe port 80 :) .

The possibility are infinite with this kind of design.
Just my two cents ....
--
Manu

Follow-Ups:
- Re: /sbin/reboot and secmodel
  - From: Elad Efrat

References:
- Re: /sbin/reboot and secmodel
  - From: Christoph Badura

Prev by Date: Re: /sbin/reboot and secmodel
Next by Date: Pools vs kmem_alloc [Was: CVS commit: src/sys/kern]
Previous by Thread: Re: /sbin/reboot and secmodel
Next by Thread: Re: /sbin/reboot and secmodel
Indexes:

Home | Main Index | Thread Index | Old Index