Re: [PATCH 0/7] procfs privacy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



El lun, 18-04-2005 a las 16:01 -0400, Rik van Riel escribió:
> On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:
> 
> > Adding a "trusted user group"-like configuration option could be useful,
> > as it's done within grsecurity, among that the whole thing might be good
> > to depend on a config. option, but that implies using weird ifdef's and
> > the other folks.
> 
> I'd rather see something like this implemented as an LSM
> module - or better yet, an SELinux security policy.

For this purpose I (re)submitted a patch originally made by Serge E.
Hallyn that adds a hook in order to catch task lookups, thus, providing
an easy way to handle and determine when a task can lookup'ed.

It's at:
http://pearls.tuxedo-es.org/patches/lsm/lsm-task_lookup-hook.patch

vSecurity currently provides support for it (optional).

SELinux policy can handle in a much more fine-grained these
restrictions, just that it's still something that not all people can
deploy without some special effort and "tweak up" (if their system
doesn't provide support for it, of course, currently Red Hat has done a
great job in that terms).

> 
> There's no need to sprinkle security policy all over the
> kernel.

I completely agree.

Cheers,
-- 
Lorenzo Hernández García-Hierro <[email protected]> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux