On Thu, 15 Sep 2005, Valdis Kletnieks murmured woefully:
> 1) This patch is pointless without other kernel magic to guarantee that
> even root can't open /dev/kmem - either SELinux and/or the 'devmem.patch'
> that's in current Fedora kernels. There's well-known ways to do the equivalent of
> an insmod even if the kernel is built with 'CONFIG_MODULES=n'.
Agreed; I use it in conjunction with a one-liner to remove CAP_RAWIO
from the capability bounding set.
> 2) Guess it's time to re-post my sysctl patch to provide a general-purpose
> one-shot... (Diffed against 2.6.11-mm4, but applies cleanly to 2.6.13-mm1 as well).
Yes, much nicer. (My goal, to get a better patch by posting my ugly one,
is achieved! ;) )
--
`One cannot, after all, be expected to read every single word
of a book whose author one wishes to insult.' --- Richard Dawkins
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |