Date: Sun, 5 Jun 2011 22:36:20 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: kernel-hardening@...ts.openwall.com
Subject: Re: [owl-dev] procfs mount options

On Fri, Jun 03, 2011 at 23:11 +0400, Solar Designer wrote:
> Indeed, we could set some of these perms with chmod post-mount, but as
> discussed this has drawbacks.  So ideally our preferred configuration
> (which will be the default on Owl) should be achievable with mount
> options alone.

What if we implement a mode=XXX option to alter root directory permissions
only, like tmpfs?  Then all non-pid files may be chmod'ed without any
race due to distro-specific policy and then "chmod a+rx /proc" to allow
nonroot users to see procfs files.

Thanks,

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
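
The ordering proposed in this message, as an added example that is not part of the original post or of any Openwall code: a plain directory stands in for procfs mounted with the suggested `mode=` option, so the root stays closed while the policy is applied and is opened only if every entry succeeded. The function name, the policy file format and the sample paths are assumptions, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example. A plain directory stands in for procfs mounted with the
# proposed mode=0700 option (hypothetical for procfs; tmpfs already has mode=).

# apply_policy ROOT POLICY
#   POLICY lines: "<octal mode> <path relative to ROOT>"; blank and '#' lines
#   are ignored. Paths whose first component is all digits (per-pid entries)
#   are skipped. ROOT is opened with a+rx only if every entry was applied.
apply_policy() {
    root=$1
    policy=$2
    # 1. Closed root: what mode=0700 would give from the moment of mounting.
    chmod 0700 "$root" || return 1
    # 2. Apply the distro policy while other users cannot traverse ROOT.
    while read -r mode rel; do
        case $mode in ''|'#'*) continue ;; esac
        case $mode in *[!0-7]*) return 1 ;; esac            # octal modes only
        case ${rel%%/*} in *[!0-9]*) ;; *) continue ;; esac # skip pid dirs
        chmod "$mode" "$root/$rel" || return 1
        # Confirm the mode took effect before moving on.
        [ "$((0$(stat -c %a "$root/$rel")))" -eq "$((0$mode))" ] || return 1
    done < "$policy"
    # 3. Only now expose the tree, as in "chmod a+rx /proc".
    chmod a+rx "$root"
}

# Constructed sample tree and policy (names are illustrative).
demo() {
    d=$(mktemp -d) && p=$(mktemp) || return 1
    mkdir "$d/1234"
    : > "$d/kallsyms"; : > "$d/cpuinfo"; : > "$d/1234/status"
    printf '%s\n' '# mode path' '0400 kallsyms' '0444 cpuinfo' > "$p"
    apply_policy "$d" "$p" && stat -c '%a %n' "$d" "$d"/*
    rm -rf "$d" "$p"
}
demo
```

If any policy entry cannot be applied, the function returns non-zero before the final `chmod a+rx`, so the root remains at 0700.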
