Message-ID: <20110617100154.GA7885@albatros>
Date: Fri, 17 Jun 2011 14:01:54 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: kernel-hardening@...ts.openwall.com
Subject: Re: How to temporary change 'current' (task)

On Fri, Jun 17, 2011 at 13:25 +0400, Vasiliy Kulikov wrote:
> On Fri, Jun 17, 2011 at 12:59 +0400, Solar Designer wrote:
> > On Fri, Jun 17, 2011 at 12:36:51PM +0400, Vasiliy Kulikov wrote:
> > > I wonder whether there is a simple way to temporarily switch 'current' to
> > > another task and then switch it back with minimum side effects?

BTW, as HARDEN_PROC restricts not only procfs, but also netlink sockets,
it should be moved into sysctls.  I am thinking of (following the already
implemented dmesg_restricted and kptr_restricted):

    kernel.proc_restricted

    kernel.proc_restricted_gid

And, as the net restriction is no longer associated with proc restrictions:

    net.core.conninfo_restricted

    net.core.conninfo_restricted_gid

Thanks,

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
