Date: Sun, 5 Jun 2011 22:36:20 +0400 From: Vasiliy Kulikov <segoon@...nwall.com> To: kernel-hardening@...ts.openwall.com Subject: Re: [owl-dev] procfs mount options On Fri, Jun 03, 2011 at 23:11 +0400, Solar Designer wrote: > Indeed, we could set some of these perms with chmod post-mount, but as > discussed this has drawbacks. So ideally our preferred configuration > (which will be the default on Owl) should be achievable with mount > options alone. What if implement mode=XXX option to alter root directory permissions only, like tmpfs? Then all non-pid files may be chmod'ed without any race due to distro-specific policy and then "chmod a+rx /proc" to allow nonroot users to see procfs files. Thanks, -- Vasiliy Kulikov http://www.openwall.com - bringing security into open computing environments Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.