On 09-Sep-99 Jason Young wrote:
> After some thought, I think the mount option idea is best. I hadn't
> thought of that before. One might want to apply different procfs
> security policies to different mounts of procfs, especially in a
> jail() situation. Good call.
Yeah, you'd have to make sure procfs doesn't mind being mounted multiple times,
something I'm not sure is true.
> This would make the change transparent to both users and developers.
> SGID can still be removed - a developer/debugger will already be root
> or have had to chown the dump/kernel files to do any debugging.
My thought too :)
> It would be mild bloat, but disk is cheap, and a disk space to
> debugging ease tradeoff has already been made (to the tune of several
> megs!) by the decision to build debug kernels by default. I agree with
> that. One could also #ifdef the kvm version.
Yeah.. well I await the patches 8-)
---
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
PGP signature
