Greetings,

I have experimented with creating an EXEC capability that is turned on by default (as a quick hack). I didn't consider fork at the time since most breaches involve execing a shell (or some other binary).
G'day,
sjames

Quoting Gary MacDougall <[EMAIL PROTECTED]>:

> Interesting.
>
> Has someone done some work on this?
> I mean, let's face it, you're running a bunch of
> servers and they have boatloads of daemons. Why
> they'll need to fork/exec a shell is really a good
> question -- in my mind, they don't. I could be wrong.
>
> Why not simply build this ability into the kernel?
> Could be an option at menuconfig time...
>
> Gary
>
> -----Original Message-----
> From: Kelly Martin [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 21, 2001 12:24 PM
> To: 'Robert Clay'; [EMAIL PROTECTED]
> Subject: RE: Secure 2.4.x kernel
>
> As far as I know, Linux does not support doing that. So the way you do it
> is modify your kernel to make fork and exec revokable syscalls, write a
> syscall allowing a process to request revocation of unneeded syscalls, and
> add that call to your daemon.
>
> Kelly
>
> > -----Original Message-----
> > From: Robert Clay [SMTP:[EMAIL PROTECTED]]
> > Sent: Friday, December 21, 2001 11:17 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Secure 2.4.x kernel
> >
> > And how would one do that?
> >
> > >>> Kelly Martin <[EMAIL PROTECTED]> 12/21/01 12:09PM >>>
> > ...Taking away the fork and exec syscalls from a daemon which does not
> > need to do either would be a good start.

----------------------------
steven james, director of research, linux labs    LinuxBIOS Cluster Solutions
230 peachtree st nw ste 2705                      High-Speed Colocation, Hosting,
atlanta.ga.us 30303                               Linux Hardware, Development & Support
http://www.linuxlabs.com                          * Visit us at SuperComputing 2001, Booth 539 *
office/fax 404.577.7747/3
--------------------------------------------------------------------------