On Mon, 3 Apr 2006, Marc G. Fournier wrote:
> This falls under "well, we broke kill() so that it now reports a PID is not in use even though it is, so it has to be the application that fixes it" ... and you *still* haven't shown *why* kill() reporting a PID is in use, even if it's not in the current jail, is such a security threat ...
It is an issue of completeness and consistency. We implement a single set of access control checks between processes, and try to avoid exceptions to them. This is one of my largest architectural gripes about access control in 4.x, actually: everywhere you look, the same "check" is implemented differently. Sometimes signal checks are done one way, other times, other ways. Likewise, debugging, monitoring, etc. In 5.x forward, we use a centralized set of access control checks in order to provide consistent, reliable, and easy to analyze policy. The more exceptions we introduce, the further we get from that goal.
Robert N M Watson
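The centralized-check design described in the reply above, as an added example that is not part of the original message and is not FreeBSD kernel source: a simplified user-space model in which the signal and debug checks both start from one visibility rule, so a kill(pid, 0) style probe from inside a jail returns ESRCH for a process in another jail exactly as it does for a nonexistent PID. All struct, function and field names and the process table are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Simplified model, not FreeBSD source; every name here is hypothetical. */
struct proc { int pid; int jail_id; int uid; int sugid; }; /* jail_id 0 = host */

/* Constructed sample process table. */
static struct proc table[] = {
    { 100, 0, 0,    0 },  /* root on the host */
    { 200, 1, 1001, 0 },  /* user process in jail 1 */
    { 300, 2, 1001, 0 },  /* same uid, but in jail 2 */
    { 201, 1, 1001, 1 },  /* jail 1, has changed credentials (sugid) */
};

static struct proc *find_proc(int pid) {
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (table[i].pid == pid)
            return &table[i];
    return NULL;
}

/* The one visibility rule: a jailed subject sees only its own jail. */
static int can_see(const struct proc *subj, const struct proc *obj) {
    if (subj->jail_id != 0 && subj->jail_id != obj->jail_id)
        return ESRCH;  /* same answer as "no such process" */
    return 0;
}

/* Signal policy = shared visibility rule + uid match. */
static int can_signal(const struct proc *subj, const struct proc *obj) {
    int error = can_see(subj, obj);
    if (error) return error;
    return (subj->uid == 0 || subj->uid == obj->uid) ? 0 : EPERM;
}

/* Debug policy = shared visibility rule + stricter credential rule. */
static int can_debug(const struct proc *subj, const struct proc *obj) {
    int error = can_see(subj, obj);
    if (error) return error;
    if (obj->sugid && subj->uid != 0) return EPERM;
    return (subj->uid == 0 || subj->uid == obj->uid) ? 0 : EPERM;
}

/* op: 0 = kill(pid, 0) style probe, 1 = debugger attach. Returns 0 or errno. */
int model_check(int subj_pid, int obj_pid, int op) {
    struct proc *s = find_proc(subj_pid), *o = find_proc(obj_pid);
    if (s == NULL || o == NULL) return ESRCH;
    return op == 0 ? can_signal(s, o) : can_debug(s, o);
}
```

Because both operations call the same can_see(), granting kill() an exception to report PIDs in other jails would require a separate code path that the debug check does not share.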
