Interesting. Has someone done some work on this? I mean, let's face it, you're running a bunch of servers and they have boatloads of daemons. Why they'll need to fork/exec a shell is really a good question -- in my mind, they don't. I could be wrong.
Why not simply build this ability into the kernel? Could be an option at menuconfig time...

Gary

-----Original Message-----
From: Kelly Martin [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 12:24 PM
To: 'Robert Clay'; [EMAIL PROTECTED]
Subject: RE: Secure 2.4.x kernel

As far as I know, Linux does not support doing that. So the way you do it is modify your kernel to make fork and exec revokable syscalls, write a syscall allowing a process to request revocation of unneeded syscalls, and add that call to your daemon.

Kelly

> -----Original Message-----
> From: Robert Clay [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, December 21, 2001 11:17 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Secure 2.4.x kernel
>
> And how would one do that?
>
> >>> Kelly Martin <[EMAIL PROTECTED]> 12/21/01 12:09PM >>>
> ...Taking away the fork and exec syscalls from a daemon which does not
> need to do either would be a good start.

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
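An added illustration, not code from this thread or its posters: on a present-day Linux kernel a daemon can give up fork and exec itself with seccomp filter mode (Linux 3.5 and later), a mechanism that postdates this exchange and is not the kernel patch Kelly describes. The function names `revoke_fork_exec` and `confined_child_is_denied` are hypothetical, and the code assumes an x86_64 or aarch64 host.

```c
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#endif
#define KILL BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL)
#define DENY(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM) /* fail with EPERM */

int revoke_fork_exec(void)
{   /* One-way: a filter cannot be removed once it is installed. */
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0), KILL, /* other ABI */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000, 0, 1), KILL, /* x32 nrs */
        DENY(__NR_execve), DENY(__NR_execveat), DENY(__NR_clone),
#ifdef __NR_clone3
        DENY(__NR_clone3),
#endif
#ifdef __NR_fork /* aarch64 has no fork/vfork syscalls, only clone */
        DENY(__NR_fork), DENY(__NR_vfork),
#endif
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { sizeof f / sizeof f[0], f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1; /* unprivileged ok */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int confined_child_is_denied(void)
{   /* Demo: 1 if a child that revoked itself gets EPERM from fork and execve. */
    int st;
    pid_t pid = fork();                     /* the parent stays unfiltered */
    if (pid == 0) {
        if (revoke_fork_exec() != 0 || fork() != -1 || errno != EPERM) _exit(2);
        execve("/bin/false", (char *[]){ "false", NULL }, NULL);
        _exit(errno == EPERM ? 0 : 3);      /* denied before any path lookup */
    }
    return pid > 0 && waitpid(pid, &st, 0) == pid && WIFEXITED(st) && !WEXITSTATUS(st);
}
```

A daemon would call `revoke_fork_exec()` once start-up work that needs child processes is done; because `clone` is denied, it cannot create threads afterwards either.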