Re: security patch

From: Chris Wright
Date: Thu Sep 22 2005 - 15:52:36 EST

Next message: Rafael J. Wysocki: "[PATCH][Fix] swsusp: do not trigger BUG_ON() if there is not enough memory"
Previous message: Chris Sykes: "Re: Hang during rm on ext2 mounted sync (2.6.14-rc2+)"
In reply to: Hagen Paul Pfeifer: "Re: security patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* breno@xxxxxxxxxxxxxxxx (breno@xxxxxxxxxxxxxxxx) wrote:
> I'm doing a new feature for linux kernel 2.6 to protect against all kinds of buffer
> overflow. It works with new sys_control() system call controling if a process can or can't
> call a system call ie. sys_execve();

This is insufficient to protect against buffer overflow. You are
re-inventing something that's been done multiple times. Each are
arguably more effective. Look at the seccomp option in current kernels.
Look also to policy enforcement via something expressive such as
SELinux.

> I think it can be an option in linux kernel.

We've got what we need in the kernel now.

thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rafael J. Wysocki: "[PATCH][Fix] swsusp: do not trigger BUG_ON() if there is not enough memory"
Previous message: Chris Sykes: "Re: Hang during rm on ext2 mounted sync (2.6.14-rc2+)"
In reply to: Hagen Paul Pfeifer: "Re: security patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]