Re: Security patch for /proc

Raul Miller (rdm@test.legislate.com)
Sun, 5 Apr 1998 08:14:53 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Nicolas Pitre: "2.1.91 compilation failure with no networking support"
Previous message: Jeanette Pauline Middelink: "APM woes"

Jeremy Fitzhardinge <jeremy@zip.com.au> wrote:
> - I disallow access to all proc entries for a process, which is
> probably a little draconian.

Hmm... what about when chroot is used to bring up the system (in a
fashion analogous to initrd, but without being ramdisk specific)?

I think what you'd really need for security is not just chroot, but
something to declare certain file systems (and their corresponding
devices) off limits to a process and its decendants. Then it wouldn't
matter how the references to those file systems were generated.

-- Raul

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu

Next message: Nicolas Pitre: "2.1.91 compilation failure with no networking support"
Previous message: Jeanette Pauline Middelink: "APM woes"