Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 20 Nov 2015 18:00:43 +0100
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: seccomp filters without PR_SET_NO_NEW_PRIVS

Is there a way on current Linux kernels to install a seccomp filter
which is reset on execve and therefore does not require
PR_SET_NO_NEW_PRIVS for security reasons?  (The filter could restrict to
execve if necessary.)

Florian

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ