Re: [PATCH 0/7] procfs privacy

From: Rik van Riel
Date: Mon Apr 18 2005 - 15:03:55 EST

Next message: Arjan van de Ven: "Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation"
Previous message: Timur Tabi: "Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation"
In reply to: Lorenzo Hernández García-Hierro: "Re: [PATCH 0/7] procfs privacy"
Next in thread: Lorenzo Hernández García-Hierro: "Re: [PATCH 0/7] procfs privacy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 18 Apr 2005, Lorenzo Hernández García-Hierro wrote:

> Adding a "trusted user group"-like configuration option could be useful,
> as it's done within grsecurity, among that the whole thing might be good
> to depend on a config. option, but that implies using weird ifdef's and
> the other folks.

I'd rather see something like this implemented as an LSM
module - or better yet, an SELinux security policy.

There's no need to sprinkle security policy all over the
kernel.

--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan

Next message: Arjan van de Ven: "Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation"
Previous message: Timur Tabi: "Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation"
In reply to: Lorenzo Hernández García-Hierro: "Re: [PATCH 0/7] procfs privacy"
Next in thread: Lorenzo Hernández García-Hierro: "Re: [PATCH 0/7] procfs privacy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]