Re: security patch

* [email protected] ([email protected]) wrote:
> I'm doing a new feature for linux kernel 2.6 to protect against all kinds of buffer
> overflow. It works with new sys_control() system call controling if a process can or can't
> call a system call ie. sys_execve();

This is insufficient to protect against buffer overflow.  You are
re-inventing something that's been done multiple times.  Each are
arguably more effective.  Look at the seccomp option in current kernels.
Look also to policy enforcement via something expressive such as
SELinux.

> I think it can be an option in linux kernel.

We've got what we need in the kernel now.

thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • security patch
    • From: [email protected]

• Prev by Date: Re: Hang during rm on ext2 mounted sync (2.6.14-rc2+)
• Next by Date: [PATCH][Fix] swsusp: do not trigger BUG_ON() if there is not enough memory
• Previous by thread: Re: security patch
• Next by thread: [PATCH] ktimers subsystem V2
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]