El lun, 07-02-2005 a las 16:50 -0600, Serge E. Hallyn escribió: > Hi, > > If I understood you correct earlier, the only policy you needed to > enforce was to prevent double-chrooting. If that is the case, why is it > not sufficient to keep a "process-has-used-chroot" flag in > current->security which is set on the first call to > capable(CAP_SYS_CHROOT) and inherited by forked children, after which > calls to capable(CAP_SYS_CHROOT) are refused? > > Of course if you need to do more, then a hook might be necessary.
Yeah, checking that process is chrooted using the current macro and denying if capable() gets it trying to access CAP_SYS_CHROOT it's the way that vSecurity currently does it. But the hook will have to handle some chdir enforcing that can't be done with current hooks, I will explain it further tomorrow. It's too late here ;) Cheers, -- Lorenzo Hernández García-Hierro <[EMAIL PROTECTED]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente
