Re: secure computing for 2.6.7

From: Alan Cox
Date: Sun Aug 01 2004 - 16:57:56 EST

Next message: Francois Romieu: "Re: [PATCH] fix inline related gcc 3.4 build failures in drivers/net/wan/dscc4.c"
Previous message: Sam Ravnborg: "Re: 2.6.8-rc2-mm1"
In reply to: Bernd Eckenfels: "Re: secure computing for 2.6.7"
Next in thread: Andrea Arcangeli: "Re: secure computing for 2.6.7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sul, 2004-08-01 at 18:29, chris@xxxxxxxxxxxxxxxx wrote:
> How hard would it be to have a per-task bitmap of syscalls allowed? This
> way, a task could restrict to the exact subset of syscalls required for
> maximum security.

Very easy indeed, although you might have to do a tiny bit of tweaking
for kernel made syscalls (eg hotplug triggers).

You can already do all of this using several user space applications
that manage it via ptrace. They do have a performance hit however.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Francois Romieu: "Re: [PATCH] fix inline related gcc 3.4 build failures in drivers/net/wan/dscc4.c"
Previous message: Sam Ravnborg: "Re: 2.6.8-rc2-mm1"
In reply to: Bernd Eckenfels: "Re: secure computing for 2.6.7"
Next in thread: Andrea Arcangeli: "Re: secure computing for 2.6.7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]