[PATCH]: support for capabilities and other things... (answer please...)

From: Michal Kosek (michau@august.V-LO.krakow.pl)
Date: Tue Jun 06 2000 - 03:24:51 EST


Hello,

We wrote a patch we'd like to share...
(ftp://ftp.v-lo.krakow.pl/pub/linux/patches/). OK, it isn't a big thing,
but we think it adds support for some things that aren't available, and -
as we think - should be in normal kernel releases:

- possibility to define UID/GID that has some specific capability
(simplest example - you can make ping suid to that UID and thus decrease
number of suid-root files in the system)

- configure the number of processes that can be left for root (there is
already such value in kernel, but it's better to put it into config, I
think); and configure the amount of memory that must be always available
for root (that can help while fighting against some DoSes...)

- set the UID of "real-time user" whose processes have highest priority.
It also may be some protection against DoSes.

We posted information about our patch to other groups and got no answer,
so we don't know if it's so poor or so good;) So we hope you'll send us
some comments...

Kernel versions supported: 2.2.13, 2.2.14, 2.2.15, 2.3.51 (should work on
other 2.3 kernels - mail me if it doesn't).

Last thing: there is one thing that makes my patch non-POSIX-compliant.
But I think that such behaviour should be better. I don't explain
everything here, just read Documentation/security.txt section 'WHAT'S
GOING ON WITH setuid AND setgid' and tell what you think about it...

I WROTE ABOUT OUR PATCH BEFORE AND NOBODY ANSWERED
OH PLEASE PLEASE SEND ME COMMENTS...
We'd like to know if you like it or not...

And URL of our patch once again:
ftp://ftp.v-lo.krakow.pl/pub/linux/patches/

Regards,

-- 
Michal Kosek & Eryk Schiller

You should pay homage to my homepage http://www.v-lo.krakow.pl/klasa4e/dziady3.html (For Polish Linux lovers - rest won't understand...;)
