On Tuesday 06 April 2004 14:07, Daniel J Walsh wrote: No, no! In fact, do you need run_init at all? Gene

On Wed, 7 Apr 2004 04:17, Gene Czarcinski <gene(a)czarc.net&gt; wrote: That depends on what your aims are. Some daemons require write access to a terminal to allow them to start correctly, other daemons will start without terminal access but display useful error messages to stdout if it's available. It's generally not desirable to permit all daemons to access the administrator tty all the time (if a daemon has { read write ioctl } access to an admin tty then it shouldn't be difficult for an attacker who takes over the daemon to then take over the entire system). In Debian I made run_init open a new pty for the daemon start process so that the daemon could be permitted to write startup messages and afterwards the master end of the pty would be closed denying the daemon any access to do bad things. I have concluded that this isn't the ideal way of doing it as there are some problems with signals in the case where the parent exits before the child (the actual daemon process) closes it's tty. I think that the best way of doing this for strong security is to have run_init relabel it's controlling tty before spawning the daemon, and then label it back after the child exits. Something like this will probably end up in RHEL, although it will be optional. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page