> > > BTW, restricted proc fs should go into kernel tree (do not
> > We can all imagine what nasty things can happen when someone
> > is doing a ps
> > and sees personal data carelessly put in a commandline of some users
> > process.
> The unexecutable stack patch will probably always be a "hotbutton
> issue", but I too would really like to see the /proc permission
> patch go in to the standard kernel.
If they don't go into the standard kernel, maybe
it would be an option to fold them into the
`international' crypto version of the kernel as
can be found at http://www.kerneli.org/ ??
The target audience will probably partly consist
of the same people (security parano^Wconsious
folks who'll do everything to have their machines
secured) and it'll increase the testing audience
for both types of patches.
Linux distributions from outside the US could,
of course, also distribute a slighly hardened
kernel with all of these goodies included...
<hint, hint, hint>
-- The Internet is not a network of computers. It is a network of people. That is its real strength.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to firstname.lastname@example.org Please read the FAQ at http://www.tux.org/lkml/