On 09-Sep-99 Jason Young wrote:
> After some thought, I think the mount option idea is best. I hadn't
> thought of that before. One might want to apply different procfs
> security policies to different mounts of procfs, especially in a
> jail() situation. Good call.

Yeah, you'd have to make sure procfs doesn't mind being mounted multiple times, something I'm not sure is true.

> This would make the change transparent to both users and developers.
> SGID can still be removed - a developer/debugger will already be root
> or have had to chown the dump/kernel files to do any debugging.

My thought too :)

> It would be mild bloat, but disk is cheap, and a disk space to
> debugging ease tradeoff has already been made (to the tune of several
> megs!) by the decision to build debug kernels by default. I agree with
> that. One could also #ifdef the kvm version.

Yeah.. well I await the patches 8-)

---
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there are so many of them to choose from."
  -- Andrew Tanenbaum