Re: security patch

* [email protected] ([email protected]) wrote:
> I'm doing a new feature for linux kernel 2.6 to protect against all kinds of buffer
> overflow. It works with new sys_control() system call controlling if a process can or can't
> call a system call, i.e. sys_execve();

This is insufficient to protect against buffer overflow.  You are
re-inventing something that's been done multiple times.  Each is
arguably more effective.  Look at the seccomp option in current kernels.
Look also to policy enforcement via something expressive such as
SELinux.

> I think it can be an option in linux kernel.

We've got what we need in the kernel now.

thanks,
-chris
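
An added illustration of the seccomp option mentioned in the reply above; it is not part of the original message or of the kernel sources. It uses seccomp strict mode through prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) on a current Linux kernel; run_child() and the enum names are this example's own, and /bin/sh is an assumed path.

```c
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcomes reported by run_child(); the names are this example's own. */
enum { SETUP_FAILED = -1, EXEC_SUCCEEDED = 0, KILLED_BY_KERNEL = 1 };

/* Fork a child that tries execve(), the call injected code typically
 * needs to spawn a shell. With strict != 0 the child first enters seccomp
 * strict mode, which leaves it only read, write, _exit and sigreturn. */
int run_child(int strict)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return SETUP_FAILED;
    if (pid == 0) {
        char *argv[] = { "sh", "-c", "exit 0", NULL };
        char *envp[] = { NULL };

        if (strict && prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
            _exit(2);               /* no seccomp support, or prctl denied */
        execve("/bin/sh", argv, envp);  /* assumed path; fatal in strict mode */
        _exit(3);                   /* only reached if execve itself failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return SETUP_FAILED;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return KILLED_BY_KERNEL;    /* strict mode kills on a forbidden call */
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return EXEC_SUCCEEDED;
    return SETUP_FAILED;
}

int main(void)
{
    int plain = run_child(0);
    int confined = run_child(1);

    printf("unconfined child: %d, seccomp strict child: %d\n", plain, confined);
    return confined == KILLED_BY_KERNEL ? 0 : 1;
}
```

The confined child is killed at the execve() call itself, so the restriction limits what code running in the process can do after memory corruption; it does not stop the corruption from happening.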