[HACKERS] semaphore usage "port based"?
Robert Watson
rwatson at FreeBSD.org
Mon Apr 3 22:52:09 UTC 2006
On Mon, 3 Apr 2006, Marc G. Fournier wrote:
> This falls under "well,we broke kill() so that it now reports a PID is not
> in use even though it is, so its has to be the application that fixes it"
> ... and you *still* haven't shown *why* kill() reporting a PID is in use,
> even if its not in the current jail, is such a security threat ...
It is an issue of completeness and consistency. We implement a single set of
access control checks between processes, and try to avoid exceptions to them.
This is one of my largest architectural gripes about access control in 4.x,
actually: everywhere you look, the same "check" is implemented differently.
Sometimes signal checks are done way, other times, other ways. Likewise,
debugging, monitoring, etc. In 5.x forward, we use a centralized set of
access control checks in order to provide consistent, reliable, and easy to
analyze policy. The more exceptions we introduced, the further we get from
that goal.
Robert N M Watson
More information about the freebsd-stable
mailing list