On Mon, 2005-04-18 at 22:18 +0200, Lorenzo Hernández García-Hierro
wrote:
> For this purpose I (re)submitted a patch originally made by Serge E.
> Hallyn that adds a hook in order to catch task lookups, thus, providing
> an easy way to handle and determine when a task can be looked up.
>
> It's at:
On Mon, 18-04-2005 at 16:01 -0400, Rik van Riel wrote:
> On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:
>
> > Adding a "trusted user group"-like configuration option could be useful,
> > as it's done within grsecurity, among that the whole thing might be good
> > to depend on a
On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:
> Adding a "trusted user group"-like configuration option could be useful,
> as it's done within grsecurity, among that the whole thing might be good
> to depend on a config. option, but that implies using weird ifdef's and
> the other
On Mon, 18-04-2005 at 15:27 -0400, Rik van Riel wrote:
> The same "this forces people to run system monitoring tasks
> as root, potentially opening themselves up to security holes"
> comment applies to this patch.
That's because the patch is split up, those bits are on the proc_misc
one.
I
On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:
> - /proc/ioports
> - /proc/iomem
> - /proc/devices
> - /proc/cmdline
> - /proc/version
> - /proc/uptime
> - /proc/cpuinfo
> - /proc/partitions
> - /proc/stat
> - /proc/interrupts
> - /proc/slabinfo
> - /proc/diskstats
> - /proc/modules
As extracted from grsecurity's config. documentation: "non-root
users will only be able to view their own processes, and restricts
them from viewing network-related information, and viewing kernel
symbol and module information."
This is a procfs "privacy" split-up patch based on grsecurity procfs
On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:
> Adding a "trusted user group"-like configuration option could be useful,
> as it's done within grsecurity, among that the whole thing might be good
> to depend on a config. option, but that implies using weird ifdef's and
> the other folks.
On Mon, 18-04-2005 at 16:01 -0400, Rik van Riel wrote:
> On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:
>
> > Adding a "trusted user group"-like configuration option could be useful,
> > as it's done within grsecurity, among that the whole thing might be good
> > to depend on a config.