Date: Fri, 20 Nov 2015 18:00:43 +0100 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: seccomp filters without PR_SET_NO_NEW_PRIVS Is there a way on current Linux kernels to install a seccomp filter which is reset on execve and therefore does not require PR_SET_NO_NEW_PRIVS for security reasons? (The filter could restrict to execve if necessary.) Florian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ