
Re: Secure 2.4.x kernel



I don't know this for certain, but I've got a feeling that it's this kind
of thing that would be very easy to implement in the Hurd - the microkernel
would make it very easy to start adding daemons that provide a layer between
requests for exec, forks etc and actually granting them.

Otoh, the hurd may not suffer from these problems at all, or in the same way
- I haven't worked with the hurd for long enough to know much more than that
it *seems* to revolve around some truly excellent ideas which some people
don't like!

In any case it would probably require writing a daemon and re-writing the
hurd call library to take advantage of it, though no re-writing of the user
space daemons would be necessary afaict.

Matthew

On Fri, Dec 21, 2001 at 11:23:59AM -0600, Kelly Martin wrote:
> As far as I know, Linux does not support doing that.  So the way you do it
> is modify your kernel to make fork and exec revokable syscalls, write a
> syscall allowing a process to request revocation of unneeded syscalls, and
> add that call to your daemon.
> 
> Kelly
> 
> > -----Original Message-----
> > From:	Robert Clay [SMTP:JClay@techteam.com]
> > Sent:	Friday, December 21, 2001 11:17 AM
> > To:	debian-security@lists.debian.org
> > Subject:	RE: Secure 2.4.x kernel
> > 
> > And how would one do that?
> > 
> > >>> Kelly Martin <kellym@fb00.fb.org> 12/21/01 12:09PM >>>
> > ...Taking away the fork and exec syscalls from a daemon which does not
> > need to do either would be a good start.
> > 
> > 
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org
> > 

-- 

Matthew Sackman
Nottingham
England

BOFH Excuse Board:
disks spinning backwards - toggle the hemisphere jumper.


