Message-ID: <4E456DA2.5080802@banquise.net>
Date: Fri, 12 Aug 2011 20:14:58 +0200
From: Simon Marechal <simon@...quise.net>
To: kernel-hardening@...ts.openwall.com
Subject: Re: procfs {tid,tgid,attr}_allowed mount options

On 10/08/2011 15:34, Solar Designer wrote:
> Perhaps run this by LKML as RFC and see what they think? And be willing
> to revert to your old approach, with more hard-coding, now that you have
> this arguably overly complicated alternative. Maybe it will convince
> Andrew Morton that something simpler and less flexible would be better.

Just my opinion, but the gid option is simple and to the point. A more complex solution will likely:

* not be used at all
* not be relevant to people with very specific needs anyway
* introduce bugs and/or vulnerabilities, either from the code or from misconfigurations

Point #2 is important. Very specific needs should not be addressed in this specific patch; they should be configured in something with a global scope, such as an LSM.

I believe having effective security systems enabled by default is more important than having generalistic and configurable systems nobody cares about. For example, being able to let a process choose the set of system calls it should use is more useful to me than having SELinux loaded.