Re: [PATCH] sys_chroot() hook for additional chroot() jails enforcing

2005-02-08 Thread Lorenzo Hernández García-Hierro
On Mon, 07-02-2005 at 14:34 -0800, Chris Wright wrote:
> * Lorenzo Hernández García-Hierro ([EMAIL PROTECTED]) wrote:
> > Attached you can find a patch which adds a new hook for the sys_chroot() syscall, and makes us able to add additional enforcing and security checks by using the Li

Re: [PATCH] sys_chroot() hook for additional chroot() jails enforcing

2005-02-07 Thread Lorenzo Hernández García-Hierro
On Mon, 07-02-2005 at 16:50 -0600, Serge E. Hallyn wrote:
> Hi,
>
> If I understood you correctly earlier, the only policy you needed to enforce was to prevent double-chrooting. If that is the case, why is it not sufficient to keep a "process-has-used-chroot" flag in current->security w

Re: [PATCH] sys_chroot() hook for additional chroot() jails enforcing

2005-02-07 Thread Serge E. Hallyn
Hi,

If I understood you correctly earlier, the only policy you needed to enforce was to prevent double-chrooting. If that is the case, why is it not sufficient to keep a "process-has-used-chroot" flag in current->security which is set on the first call to capable(CAP_SYS_CHROOT) and inherited by fo

Re: [PATCH] sys_chroot() hook for additional chroot() jails enforcing

2005-02-07 Thread Chris Wright
* Lorenzo Hernández García-Hierro ([EMAIL PROTECTED]) wrote:
> Attached you can find a patch which adds a new hook for the sys_chroot() syscall, and makes us able to add additional enforcing and security checks by using the Linux Security Modules framework (i.e. chdir enforcing, etc).

If you

[PATCH] sys_chroot() hook for additional chroot() jails enforcing

2005-02-07 Thread Lorenzo Hernández García-Hierro
Hi,

Attached you can find a patch which adds a new hook for the sys_chroot() syscall, and makes us able to add additional enforcing and security checks by using the Linux Security Modules framework (i.e. chdir enforcing, etc). Current user of the hook is the forthcoming 0.2 revision of vSecurity.