On Thu, 9 Sep 1999, Daniel O'Connor wrote:
>
> On 09-Sep-99 Jason Young wrote:
> > After some thought, I think the mount option idea is best. I hadn't
> > thought of that before. One might want to apply different procfs
> > security policies to different mounts of procfs, especially in a
> > jail() situation. Good call.
>
> Yeah, you'd have to make sure procfs doesn't mind being mounted multiple times,
> something I'm not sure is true.
Also, don't forget about sysctl. kvm will defend itself with permissions
on /dev/kme, but sysctl is available for reading to anyone (see
src/release/picobsd/tinyware/sps to see what i mean).
Andrzej Bialecki
// <[EMAIL PROTECTED]> WebGiro AB, Sweden (http://www.webgiro.com)
// -------------------------------------------------------------------
// ------ FreeBSD: The Power to Serve. http://www.freebsd.org --------
// --- Small & Embedded FreeBSD: http://www.freebsd.org/~picobsd/ ----
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
