Quoting Matt Brown (m...@nmatt.com):
> On 04/21/2017 01:24 AM, Serge E. Hallyn wrote:
> >On Fri, Apr 21, 2017 at 01:09:59AM -0400, Matt Brown wrote:
> >>On 04/20/2017 01:41 PM, Serge E. Hallyn wrote:
> >>>Quoting m...@nmatt.com (m...@nmatt.com):
> On 2017-04-20 11:19, Serge E. Hallyn wrote:
> >
On 04/21/2017 01:24 AM, Serge E. Hallyn wrote:
On Fri, Apr 21, 2017 at 01:09:59AM -0400, Matt Brown wrote:
On 04/20/2017 01:41 PM, Serge E. Hallyn wrote:
Quoting m...@nmatt.com (m...@nmatt.com):
On 2017-04-20 11:19, Serge E. Hallyn wrote:
Quoting Matt Brown (m...@nmatt.com):
On 04/19/2017 07
On Thu, Apr 20, 2017 at 10:24 PM, Serge E. Hallyn wrote:
> On Fri, Apr 21, 2017 at 01:09:59AM -0400, Matt Brown wrote:
>> On 04/20/2017 01:41 PM, Serge E. Hallyn wrote:
>> >Quoting m...@nmatt.com (m...@nmatt.com):
>> >>On 2017-04-20 11:19, Serge E. Hallyn wrote:
>> >>>Quoting Matt Brown (m...@nmat
On Fri, Apr 21, 2017 at 01:09:59AM -0400, Matt Brown wrote:
> On 04/20/2017 01:41 PM, Serge E. Hallyn wrote:
> >Quoting m...@nmatt.com (m...@nmatt.com):
> >>On 2017-04-20 11:19, Serge E. Hallyn wrote:
> >>>Quoting Matt Brown (m...@nmatt.com):
> On 04/19/2017 07:53 PM, Serge E. Hallyn wrote:
> >
On 04/20/2017 01:41 PM, Serge E. Hallyn wrote:
Quoting m...@nmatt.com (m...@nmatt.com):
On 2017-04-20 11:19, Serge E. Hallyn wrote:
Quoting Matt Brown (m...@nmatt.com):
On 04/19/2017 07:53 PM, Serge E. Hallyn wrote:
Quoting Matt Brown (m...@nmatt.com):
On 04/19/2017 12:58 AM, Serge E. Hallyn
Quoting m...@nmatt.com (m...@nmatt.com):
> On 2017-04-20 11:19, Serge E. Hallyn wrote:
> >Quoting Matt Brown (m...@nmatt.com):
> >>On 04/19/2017 07:53 PM, Serge E. Hallyn wrote:
> >>>Quoting Matt Brown (m...@nmatt.com):
> On 04/19/2017 12:58 AM, Serge E. Hallyn wrote:
> >On Tue, Apr 18, 201
On 2017-04-20 11:19, Serge E. Hallyn wrote:
Quoting Matt Brown (m...@nmatt.com):
On 04/19/2017 07:53 PM, Serge E. Hallyn wrote:
>Quoting Matt Brown (m...@nmatt.com):
>>On 04/19/2017 12:58 AM, Serge E. Hallyn wrote:
>>>On Tue, Apr 18, 2017 at 11:45:26PM -0400, Matt Brown wrote:
This patch rep
Quoting Serge E. Hallyn (se...@hallyn.com):
> Quoting Matt Brown (m...@nmatt.com):
> > On 04/19/2017 07:53 PM, Serge E. Hallyn wrote:
> > >Quoting Matt Brown (m...@nmatt.com):
> > >>On 04/19/2017 12:58 AM, Serge E. Hallyn wrote:
> > >>>On Tue, Apr 18, 2017 at 11:45:26PM -0400, Matt Brown wrote:
> >
Quoting Matt Brown (m...@nmatt.com):
> On 04/19/2017 07:53 PM, Serge E. Hallyn wrote:
> >Quoting Matt Brown (m...@nmatt.com):
> >>On 04/19/2017 12:58 AM, Serge E. Hallyn wrote:
> >>>On Tue, Apr 18, 2017 at 11:45:26PM -0400, Matt Brown wrote:
> This patch reproduces GRKERNSEC_HARDEN_TTY function
On 04/19/2017 07:53 PM, Serge E. Hallyn wrote:
Quoting Matt Brown (m...@nmatt.com):
On 04/19/2017 12:58 AM, Serge E. Hallyn wrote:
On Tue, Apr 18, 2017 at 11:45:26PM -0400, Matt Brown wrote:
This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity
project in-kernel.
This w
On 04/19/2017 07:18 AM, James Morris wrote:
On Tue, 18 Apr 2017, Matt Brown wrote:
This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity
project in-kernel.
It seems like an ugly hack to an ugly feature (CAP_SYS_ADMIN barely makes
sense here), and rather than sprinkling
Quoting Matt Brown (m...@nmatt.com):
> On 04/19/2017 12:58 AM, Serge E. Hallyn wrote:
> >On Tue, Apr 18, 2017 at 11:45:26PM -0400, Matt Brown wrote:
> >>This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity
> >>project in-kernel.
> >>
> >>This will create the Kconfig SECURITY
On 04/19/2017 01:20 AM, Kees Cook wrote:
On Tue, Apr 18, 2017 at 9:58 PM, Serge E. Hallyn wrote:
On Tue, Apr 18, 2017 at 11:45:26PM -0400, Matt Brown wrote:
This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity
project in-kernel.
This will create the Kconfig SECURITY_TI
On 04/19/2017 12:58 AM, Serge E. Hallyn wrote:
On Tue, Apr 18, 2017 at 11:45:26PM -0400, Matt Brown wrote:
This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity
project in-kernel.
This will create the Kconfig SECURITY_TIOCSTI_RESTRICT and the corresponding
sysctl kernel.t
On Tue, 18 Apr 2017, Matt Brown wrote:
> This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity
> project in-kernel.
It seems like an ugly hack to an ugly feature (CAP_SYS_ADMIN barely makes
sense here), and rather than sprinkling these types of things throughout
the kerne
On Tue, Apr 18, 2017 at 9:58 PM, Serge E. Hallyn wrote:
> On Tue, Apr 18, 2017 at 11:45:26PM -0400, Matt Brown wrote:
>> This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity
>> project in-kernel.
>>
>> This will create the Kconfig SECURITY_TIOCSTI_RESTRICT and the correspon
On Tue, Apr 18, 2017 at 11:45:26PM -0400, Matt Brown wrote:
> This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity
> project in-kernel.
>
> This will create the Kconfig SECURITY_TIOCSTI_RESTRICT and the corresponding
> sysctl kernel.tiocsti_restrict that, when activated, re
This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity
project in-kernel.
This will create the Kconfig SECURITY_TIOCSTI_RESTRICT and the corresponding
sysctl kernel.tiocsti_restrict that, when activated, restrict all TIOCSTI
ioctl calls from non CAP_SYS_ADMIN users.
Possible
18 matches
Mail list logo
