I don't know this for certain, but I've got a feeling that it's this kind of thing that would be very easy to implement in the Hurd - the microkernel would make it very easy to start adding daemons that provide a layer between requests for exec, forks etc and actually granting them.
Otoh, the hurd may not suffer from these problems at all, or in the same way - I haven't worked with the hurd for long enough to know much more than that it *seems* to revolve around some truely excellant ideas which some people don't like! In any case it would probably require writing a daemon and re-writing the hurd call library to take advantage of it, though no re-writing of the user space daemons would be necessary afaict. Matthew On Fri, Dec 21, 2001 at 11:23:59AM -0600, Kelly Martin wrote: > As far as I know, Linux does not support doing that. So the way you do it > is modify your kernel to make fork and exec revokable syscalls, write a > syscall allowing a process to request revocation of unneeded syscalls, and > add that call to your daemon. > > Kelly > > > -----Original Message----- > > From: Robert Clay [SMTP:[EMAIL PROTECTED] > > Sent: Friday, December 21, 2001 11:17 AM > > To: debian-security@lists.debian.org > > Subject: RE: Secure 2.4.x kernel > > > > And how would one do that? > > > > >>> Kelly Martin <[EMAIL PROTECTED]> 12/21/01 12:09PM >>> > > ...Taking away the fork and exec syscalls from a daemon which does not > > need to do either would be a good start. > > > > > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- Matthew Sackman Nottingham England BOFH Excuse Board: disks spinning backwards - toggle the hemisphere jumper.
