Re: kernel ring buffer accessible by users

From: Frank v Waveren (fvw@var.cx)
Date: Wed Apr 23 2003 - 11:59:31 EST

Next message: David van Hoose: "[2.4.21-rc1] Zipdrive messages too much"
Previous message: Andrew Kirilenko: "Searching for string problems"
In reply to: Werner Almesberger: "Re: kernel ring buffer accessible by users"
Next in thread: David Wagner: "Re: kernel ring buffer accessible by users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 23, 2003 at 01:45:30PM -0300, Werner Almesberger wrote:
> Yes, but you'll get quite a few objections to adding yet another
> suid root program :-)

Why not make it mode 440, and have a mount option for the proc
filesystem that gives which gid certain sensitive files should have.
The openwall security patch does this (with a few further restrictions
to the permissions of certain /proc files) and I like it a lot.

-- 
Frank v Waveren                                      Fingerprint: 21A7 C7F3
fvw@[var.cx|stack.nl|chello.nl] ICQ#10074100            1FF3 47FF 545C CB53
Public key: hkp://wwwkeys.pgp.net/fvw@var.cx            7BD9 09C0 3AC1 6DF2
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: David van Hoose: "[2.4.21-rc1] Zipdrive messages too much"
Previous message: Andrew Kirilenko: "Searching for string problems"
In reply to: Werner Almesberger: "Re: kernel ring buffer accessible by users"
Next in thread: David Wagner: "Re: kernel ring buffer accessible by users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Apr 23 2003 - 22:00:37 EST