On Mon, 2005-04-18 at 22:18 +0200, Lorenzo Hernández García-Hierro
wrote:
> For this purpose I (re)submitted a patch originally made by Serge E.
> Hallyn that adds a hook in order to catch task lookups, thus, providing
> an easy way to handle and determine when a task can be looked up.
>
> It's at:
>
On Mon, 18-04-2005 at 16:01 -0400, Rik van Riel wrote:
> On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:
>
> > Adding a "trusted user group"-like configuration option could be useful,
> > as it's done within grsecurity, among that the whole thing might be good
> > to depend on a
On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:
> Adding a "trusted user group"-like configuration option could be useful,
> as it's done within grsecurity, among that the whole thing might be good
> to depend on a config. option, but that implies using weird ifdef's and
> the other fo
On Mon, 18-04-2005 at 15:27 -0400, Rik van Riel wrote:
> The same "this forces people to run system monitoring tasks
> as root, potentially opening themselves up to security holes"
> comment applies to this patch.
That's because the patch is split up, those bits are on the proc_misc
one.
I
On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:
> - /proc/ioports
> - /proc/iomem
> - /proc/devices
> - /proc/cmdline
> - /proc/version
> - /proc/uptime
> - /proc/cpuinfo
> - /proc/partitions
> - /proc/stat
> - /proc/interrupts
> - /proc/slabinfo
> - /proc/diskstats
> - /proc/modules
>
As extracted from grsecurity's config. documentation: "non-root
users will only be able to view their own processes, and restricts
them from viewing network-related information, and viewing kernel
symbol and module information."
This is a procfs "privacy" split-up patch based on grsecurity procfs