On Wed, Apr 23, 2003 at 01:45:30PM -0300, Werner Almesberger wrote:
> Yes, but you'll get quite a few objections to adding yet another
> suid root program :-)
Why not make it mode 440, and have a mount option for the proc
filesystem that gives which gid certain sensitive files should have.
The openwall security patch does this (with a few further restrictions
to the permissions of certain /proc files) and I like it a lot.
-- Frank v Waveren Fingerprint: 21A7 C7F3 fvw@[var.cx|stack.nl|chello.nl] ICQ#10074100 1FF3 47FF 545C CB53 Public key: hkp://wwwkeys.pgp.net/fvw@var.cx 7BD9 09C0 3AC1 6DF2 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Apr 23 2003 - 22:00:37 EST