*BSD News Article 14575


Return to BSD News archive

Path: sserve!newshost.anu.edu.au!munnari.oz.au!network.ucsd.edu!news.acns.nwu.edu!zaphod.mps.ohio-state.edu!swrinde!emory!sol.ctr.columbia.edu!ira.uka.de!news.dfn.de!mailgzrz.TU-Berlin.DE!ceres.fokus.gmd.de!gmdtub!ats
From: ats@bigfoot.first.gmd.de (Andreas Schulz)
Newsgroups: comp.os.386bsd.development
Subject: Re: SIGKILL and kill
Keywords: SIGNALS SECURITY
Message-ID: <3309@bigfoot.first.gmd.de>
Date: 17 Apr 93 16:03:43 GMT
References: <1qo3mq$d4b@news.cs.tu-berlin.de>
Organization: GMD-FIRST, Berlin
Lines: 29

In article <1qo3mq$d4b@news.cs.tu-berlin.de> klier@cs.tu-berlin.de (Jan Klier) writes:

 some lines deleted ....

>
>My idea is now (and I post it here because it could be tested experimentally
>in 386bsd) to modify the kill-programm in order to restrict the SIGKILL signal
>to the superuser.
>This will force users to use the safe TERM-signal when the terminate processes
>and still leaves the door open for really hung situation where a SIGKILL is
>necessary.
>
>Any comments?

Yes, don't do that. I think, the only cure to this is to educate your
users, that they shouldn't do that. Think about this the other way, do
you want a call from all the experienced users, who normally knows
how to kill a program ( kill -1 pid , kill pid , kill -9 pid ), that
you as the stressed system admin should also kill all these hung
processes they have just created ? I don't want.
So, if you want it that way (only super-user can kill -9), only do it
on your own system but don't put it into the system as a default.

	ATS
-- 
	  ATS ( ats@first.gmd.de or ats@cs.tu-berlin.de )

Andreas Schulz  GMD-FIRST     O-1199  Berlin-Adlershof  Rudower Chaussee 5
Gebaeude 13.7      Tel: 030-6392-1856