On Sun, Jul 24, 2016 at 01:09:46PM +0200, Maxime Villard wrote:
> The goal of sysrestrict (and pledge, and whatever else) is not to provide the
> perfect feature that will control absolutely everything. The goal is just to
> provide an additionnal, simple layer of restriction. It is a combination o
by posting code you mean I send it to you, on email right? or tech-kern
mailing list?
And in ext2fs_lookup.c
in function ext2fs_dirbadentry()
else if (reclen % 4 != 0)
error_msg = "rec_len % 4 != 0";
why does this part of code necessary ?
On Sun, Jul 24, 2016 at 10:56 PM, Christos Zou
On Jul 24, 5:52pm, hrishi.go...@gmail.com (HRISHIKESH GOYAL) wrote:
-- Subject: Re: GSoC-2016
| Hello,
|
| sir, I am still struggling with htree index directory write support. The
| problem that I am facing currently is in reading a directory file before
| writing a new entry. During reading a
Le 24/07/2016 à 00:52, Alistair Crooks a écrit :
ISTM that your sysretsrict suffers from one of the same drawbacks as
pledge/tame/name-du-jour - the restrictions are being burned into the
binary at compile/link time.
No. As I said, the userland tool could add or modify the bitmap in the ELF
sec
Le 23/07/2016 à 21:36, Matt Thomas a écrit :
On Jul 23, 2016, at 1:36 AM, Maxime Villard wrote:
Eight months ago, I shared with a few developers the code for a kernel
interface [1] that can disable syscalls in user processes.
The idea is the following: a syscall bitmap is embedded into the E
Le 23/07/2016 à 23:50, Paul Goyette a écrit :
I would assume that the checking of syscall restrictions would be done
within the kauth(9) framework?
As I wrote it, it is not. It wouldn't be hard to switch to kauth, but I fear
the performance cost would be higher.
