Re: [PATCH 0/7] procfs privacy

On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:

> Adding a "trusted user group"-like configuration option could be useful,
> as it's done within grsecurity, among that the whole thing might be good
> to depend on a config. option, but that implies using weird ifdef's and
> the other folks.

I'd rather see something like this implemented as an LSM
module - or better yet, an SELinux security policy.

There's no need to sprinkle security policy all over the
kernel.

-- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan

Follow-Ups:
- Re: [PATCH 0/7] procfs privacy
  - From: Lorenzo Hernández García-Hierro <[email protected]>

References:
- [PATCH 0/7] procfs privacy
  - From: Lorenzo Hernández García-Hierro <[email protected]>
- Re: [PATCH 0/7] procfs privacy
  - From: Rik van Riel <[email protected]>
- Re: [PATCH 0/7] procfs privacy
  - From: Lorenzo Hernández García-Hierro <[email protected]>

Prev by Date: Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
Next by Date: Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
Previous by thread: Re: [PATCH 0/7] procfs privacy
Next by thread: Re: [PATCH 0/7] procfs privacy
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]