Re: /sbin/reboot and secmodel

[der Mouse <mouse%Rodents.Montreal.QC.CA@localhost>]

>> (a) I'm not sure this is a real problem.  Rebooting the system
>> *does* involve killing all processes, so I'm not sure "leveraging"
>> is a fair term to use here.
> I think the concern is being clever about the killing and killing
> only a handful of the processes.  i.e. enough to have an impact but
> not necessarily so many as to have the visibility that a real reboot
> has.

Then stop worrying.

reboot(8) does not kill individual processes; it uses the "send this
signal to the world" facility of kill(-1,...).  It either sends the
signal to everyone (if you nuke it after that) or nobody (if before);
there is no partway-through.  (Or, rather, if there is, there's a bug
in the implementation of kill(-1,...).)

>> [...] - basically, the same reason you traditionally can't kill(2) a
>> set-ID process you started.  [...]
> Yeah, that is one good consequence of set-ID.

Except it isn't, as someone (Elad, I think) pointed out upthread; I was
wrong in thinking it was.  (I'm not sure whether I think this is
something that should change or not.)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse%rodents.montreal.qc.ca@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B