Date: Tue, 24 May 2011 06:34:09 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: segoon's status report - #1 of 15

Vasiliy,

On Wed, May 18, 2011 at 07:06:01PM +0400, Vasiliy Kulikov wrote:
> Accomplishments:
> 
>   * Studied VFS and sysfs subsystems.
>   * Implemented a basic version of gid and pmode options for procfs (via
>     sysctl, no mount option yet).

IIRC, there was partial support for gid= on procfs in stock 2.4 kernels,
and -ow patches completed that.  Is this somehow gone in 2.6?  (I did
not look into this at all.)

>   * Implemented sysfs' mount options parsing and a basic version of
>     sysfs "mode" option.

Where is this code (your changes)?  Just on your computer?

> Priorities:
> 
>   * More tests of the patch for sysfs, send RFC to LKML.

Not done yet?  (At least, I was not CC'ed on a message like that.)

>   * Rethink and discuss the usefulness of hiding /proc pid directories.

What exactly do you mean by "hiding /proc pid directories"?  Restricting
the perms on them (like in -ow patches and grsecurity) or actually
hiding the directories themselves (not revealing the PIDs and their
corresponding owner UIDs)?

You haven't started this discussion yet, have you?  Where do you intend
to discuss this (owl-dev, LKML with some CC's)?

>   * Implement gid/umask/mode mount options for debugfs.

Sounds fine, although of little relevance to Owl.

Thanks,

Alexander
