On Mon, 3 Apr 2006, Robert Watson wrote:

> On Mon, 3 Apr 2006, Marc G. Fournier wrote:
>
>> This falls under "well, we broke kill() so that it now reports a PID is not
>> in use even though it is, so it has to be the application that fixes it"
>> ... and you *still* haven't shown *why* kill() reporting a PID is in use,
>> even if it's not in the current jail, is such a security threat ...
>
> It is an issue of completeness and consistency. We implement a single set of
> access control checks between processes, and try to avoid exceptions to them.
> This is one of my largest architectural gripes about access control in 4.x,
> actually: everywhere you look, the same "check" is implemented differently.
> Sometimes signal checks are done one way, other times, other ways. Likewise,
> debugging, monitoring, etc. In 5.x forward, we use a centralized set of
> access control checks in order to provide consistent, reliable, and easy to
> analyze policy. The more exceptions we introduce, the further we get from
> that goal.

Agreed, in principle ... it's just locking down something without a way
around it is ... painful :(
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: [EMAIL PROTECTED] Yahoo!: yscrappy ICQ: 7615664