RE: Secure 2.4.x kernel
Interesting.
Has someone done some work on this?
I mean, let's face it, you're running a bunch of
servers and they have boatloads of daemons. Why
they'll need to fork/exec a shell is really a good
question -- in my mind, they don't. I could be wrong.
Why not simply build this ability into the kernel?
Could be an option at menuconfig time...
Gary
-----Original Message-----
From: Kelly Martin [mailto:kellym@fb00.fb.org]
Sent: Friday, December 21, 2001 12:24 PM
To: 'Robert Clay'; debian-security@lists.debian.org
Subject: RE: Secure 2.4.x kernel
As far as I know, Linux does not support doing that. So the way you do it
is modify your kernel to make fork and exec revokable syscalls, write a
syscall allowing a process to request revocation of unneeded syscalls, and
add that call to your daemon.
Kelly
> -----Original Message-----
> From: Robert Clay [SMTP:JClay@techteam.com]
> Sent: Friday, December 21, 2001 11:17 AM
> To: debian-security@lists.debian.org
> Subject: RE: Secure 2.4.x kernel
>
> And how would one do that?
>
> >>> Kelly Martin <kellym@fb00.fb.org> 12/21/01 12:09PM >>>
> ...Taking away the fork and exec syscalls from a daemon which does not
> need to do either would be a good start.
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
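Added example, not part of the original thread or of any poster's code: Linux kernels from 3.5 onward provide seccomp filter mode, which lets a daemon revoke syscalls from itself in the way the thread describes, with no kernel patch. The sketch below drops the fork and exec family and then checks, in a throwaway child, that both are refused; the names `revoke_fork_exec` and `confined_child_status` are made up for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* BPF pair: if the syscall number equals nr, fail the call with EPERM. */
#define DENY(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM)

/* Hypothetical helper: irrevocably drop process creation and exec. */
static int revoke_fork_exec(void)
{
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        DENY(__NR_clone), DENY(__NR_execve), DENY(__NR_execveat),
#ifdef __NR_fork   /* absent on newer architectures such as arm64 */
        DENY(__NR_fork), DENY(__NR_vfork),
#endif
#ifdef __NR_clone3
        DENY(__NR_clone3),
#endif
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Self-test in a throwaway child: 0 means fork and exec were both refused. */
int confined_child_status(void)
{
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *argv[] = { "sh", NULL }, *envp[] = { NULL };
        if (revoke_fork_exec() != 0) _exit(3);          /* filter not installed */
        if (fork() != -1 || errno != EPERM) _exit(1);   /* fork must fail */
        execve("/bin/sh", argv, envp);
        _exit(errno == EPERM ? 0 : 2);                   /* exec must fail */
    }
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}
int main(void) { return confined_child_status(); }
```

A production filter should also check `seccomp_data.arch` and is better written as an allowlist of the syscalls the daemon needs. Denying `clone` outright also stops the process from creating threads.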