Re: [vserver] netstat like openwall


From: Chris Wright (chris_at_wirex.com)
Date: Tue Feb 26 2002 - 20:08:34 EST


On Tue, 26 Feb 2002 16:57:36 -0500, Mihai RUSU wrote:
> > For the first issue I think there can be done a quick hack based on the
> > sources of openwall patch (www.openwall.org) as follows:
> > - openwall kernels show on netstat only the connections which belong to
> > the current userid

I thought viewing /proc/net/* was limited by group id (you have to have
the special group id set with gid= mount option).

* Jacques Gelinas (jack_at_solucorp.qc.ca) wrote:
> The patch on ctx-8 uses the security context. The solution in openwall,
> should work on top of that and would be a per-vserver feature. openwall
> is part of the LSM I think.

Bits and pieces of Openwall are ported to LSM. The SECURE_PROC bit
has been waiting for an interface change in the VFS that should be
available soon (viro mentioned something like the next week or two for
the VFS change).

cheers,
-chris



This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:01 EDT