Return to BSD News archive
Path: sserve!newshost.anu.edu.au!munnari.oz.au!network.ucsd.edu!news.acns.nwu.edu!zaphod.mps.ohio-state.edu!swrinde!emory!sol.ctr.columbia.edu!ira.uka.de!news.dfn.de!mailgzrz.TU-Berlin.DE!ceres.fokus.gmd.de!gmdtub!ats From: ats@bigfoot.first.gmd.de (Andreas Schulz) Newsgroups: comp.os.386bsd.development Subject: Re: SIGKILL and kill Keywords: SIGNALS SECURITY Message-ID: <3309@bigfoot.first.gmd.de> Date: 17 Apr 93 16:03:43 GMT References: <1qo3mq$d4b@news.cs.tu-berlin.de> Organization: GMD-FIRST, Berlin Lines: 29 In article <1qo3mq$d4b@news.cs.tu-berlin.de> klier@cs.tu-berlin.de (Jan Klier) writes: some lines deleted .... > >My idea is now (and I post it here because it could be tested experimentally >in 386bsd) to modify the kill-programm in order to restrict the SIGKILL signal >to the superuser. >This will force users to use the safe TERM-signal when the terminate processes >and still leaves the door open for really hung situation where a SIGKILL is >necessary. > >Any comments? Yes, don't do that. I think, the only cure to this is to educate your users, that they shouldn't do that. Think about this the other way, do you want a call from all the experienced users, who normally knows how to kill a program ( kill -1 pid , kill pid , kill -9 pid ), that you as the stressed system admin should also kill all these hung processes they have just created ? I don't want. So, if you want it that way (only super-user can kill -9), only do it on your own system but don't put it into the system as a default. ATS -- ATS ( ats@first.gmd.de or ats@cs.tu-berlin.de ) Andreas Schulz GMD-FIRST O-1199 Berlin-Adlershof Rudower Chaussee 5 Gebaeude 13.7 Tel: 030-6392-1856