On Mon, 9 Oct 2000, Byron Stanoszek wrote:
> > it also might be good to have options to kill anything connected to a pty
> > first, and to not kill anything attatched to the console. obviously these
> > leave ways for admins to shoot themselves in the foot, but they could be
> > useful.
>
> I _had_ thought of that, but I don't know how clear that is in the process
> structure. Malicious users can simply run setsid() to detach from a controlling
> tty, thereby defeating the rule.
Well, I wasn't thinking about killing pty-attatched processes as being
necessarily 100% effective or secure, but merely potentially useful.
Clearly it doesn't help in the case of a malicious forkbombing user.
Sparing console processes seems like it should be reasonably secure though
(at least as secure as your console is).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Oct 15 2000 - 21:00:15 EST