Date: Sun, 19 Jun 2011 18:12:32 +0400 From: Vasiliy Kulikov <segoon@...nwall.com> To: kernel-hardening@...ts.openwall.com Subject: Re: HARDEN_VM86 Solar, On Wed, Jun 15, 2011 at 18:38 +0400, Solar Designer wrote: > BTW, a related syscall is modify_ldt(2). You could want to research > what programs use it, and consider restricting it as well. Perhaps with > a separate sysctl? It starts to look like seccomp v2. http://thread.gmane.org/gmane.linux.kernel/833539/focus=833864 - but with capable(CAP_SYS_RAWIO) instead of just deny and static syscalls list. Will Drewry is trying to push his limiting patch with ftrace-like syntax restrictions, but (a) it is not yet applied and (b) it is not inherited by execve's: https://lkml.org/lkml/2011/6/12/184 If it was not limited to one task it would serve our needs :( -- Vasiliy
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.