Re: unexporting sys_call_table a good idea?

From: Kasper Dupont (kasperd@daimi.au.dk)
Date: Tue Apr 01 2003 - 01:53:19 EST


Pete Zaitcev wrote:
>
> Wouldn't it be easier just to add a sysctl
> which disables ptrace, instead?

I have been considering that. I'd suggest this would be more than
just a boolean. I could imagine using the lowermost bit to decide
if ptrace is allowed for root, and the next bit to decide if
ptrace is allowed for other users. But do we really want this
sysctl? When do we expect the next root exploit in ptrace?

-- 
Kasper Dupont -- who spends too much time on usenet.
For sending spam use mailto:aaarep@daimi.au.dk
for(_=52;_;(_%5)||(_/=5),(_%5)&&(_-=2))putchar(_);



This archive was generated by hypermail 2b29 : Mon Apr 07 2003 - 22:00:12 EST