El lun, 18-04-2005 a las 16:01 -0400, Rik van Riel escribió: > On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote: > > > Adding a "trusted user group"-like configuration option could be useful, > > as it's done within grsecurity, among that the whole thing might be good > > to depend on a config. option, but that implies using weird ifdef's and > > the other folks. > > I'd rather see something like this implemented as an LSM > module - or better yet, an SELinux security policy. For this purpose I (re)submitted a patch originally made by Serge E. Hallyn that adds a hook in order to catch task lookups, thus, providing an easy way to handle and determine when a task can lookup'ed. It's at: http://pearls.tuxedo-es.org/patches/lsm/lsm-task_lookup-hook.patch vSecurity currently provides support for it (optional). SELinux policy can handle in a much more fine-grained these restrictions, just that it's still something that not all people can deploy without some special effort and "tweak up" (if their system doesn't provide support for it, of course, currently Red Hat has done a great job in that terms). > > There's no need to sprinkle security policy all over the > kernel. I completely agree. Cheers, -- Lorenzo Hernández García-Hierro <[email protected]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
Attachment:
signature.asc
Description: This is a digitally signed message part
- Follow-Ups:
- Re: [PATCH 0/7] procfs privacy
- From: Stephen Smalley <[email protected]>
- Re: [PATCH 0/7] procfs privacy
- References:
- [PATCH 0/7] procfs privacy
- From: Lorenzo Hernández García-Hierro <[email protected]>
- Re: [PATCH 0/7] procfs privacy
- From: Rik van Riel <[email protected]>
- Re: [PATCH 0/7] procfs privacy
- From: Lorenzo Hernández García-Hierro <[email protected]>
- Re: [PATCH 0/7] procfs privacy
- From: Rik van Riel <[email protected]>
- [PATCH 0/7] procfs privacy
- Prev by Date: Re: Garbage on serial console after serial driver loads
- Next by Date: Re: [PATCH 3/7] procfs privacy: misc. entries
- Previous by thread: Re: [PATCH 0/7] procfs privacy
- Next by thread: Re: [PATCH 0/7] procfs privacy
- Index(es):