Cees de Groot <C.deGroot@Inter.NL.net> writes:
> AFAIK, init should already be immune against any signals which are still
> associated with the default action. If not, this would be an (IMHO)
> easy and (IMNSHO) necessary patch (I gleaned over the kernel code,
> and I think this is not yet there).
Agreed, this is needed.
> Would it be an idea to make securelev a set of flags?
Yes. This has already been gone into in some detail, both on
linux-kernel and on the linux-privs security list.
Cheers,
Stephen.
--- Stephen Tweedie <sct@dcs.ed.ac.uk> Department of Computer Science, Edinburgh University, Scotland.