> Hmmm. But kernel contains features marked 'experimental'. Like experimental
> things, secure Linux patch can go into kernel with some remark like experimantal.
> (in this case: "big warning, ...").
Indeed, warning that this doesn't prevent you against getting hacked
should be in order.
I use the patch for a while now on production boxes, it has proven useful
and not in the way for me.
> BTW, restricted proc fs should go into kernel tree (do not care in this case
> if unexecutable stack goes in or not), because it's the minimum to have
> an ability to hide my processes from others. It's VERY simple and trivial
> patch, only alters file access permissions in /proc.
I couldn't live without it on our public telnet servers, our users should
have some form of "privacy".
We can all imagine what nasty things can happen when someone is doing a ps
and sees personal data carelessly put in a commandline of some users
process.
I think at least parts of these patches should be considered for optional
inclusion.
Regards,
---------------------------draw-conclusion-here------------------------
Homme R. Bitter *NIX admin, BOFH, MCSE, parttime divine entity.
REM This is a comment, I realy, really, really love comments.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/