
From: Chris Wright (chris_at_wirex.com)
Date: Wed 27 Feb 2002 - 01:08:34 GMT


On Tue, 26 Feb 2002 16:57:36 -0500, Mihai RUSU wrote:
> > For the first issue I think there can be done a quick hack based on the
> > sources of openwall patch (www.openwall.org) as follows:
> > - openwall kernels show on netstat only the connections which belong to
> > the current userid

I thought viewing /proc/net/* was limited by group id (you have to have
the special group id set with gid= mount option).

* Jacques Gelinas (jack_at_solucorp.qc.ca) wrote:
> The patch on ctx-8 uses the security context. The solution in openwall,
> should work on top of that and would be a per-vserver feature. openwall
> is part of the LSM I think.

Bits and pieces of Openwall are ported to LSM. The SECURE_PROC bit
has been waiting for an interface change in the VFS that should be
available soon (viro mentioned something like the next week or two for
the VFS change).

cheers,
-chris

