Date: Sun, 19 Jun 2011 18:12:32 +0400
From: Vasiliy Kulikov <>
Subject: Re: HARDEN_VM86


On Wed, Jun 15, 2011 at 18:38 +0400, Solar Designer wrote:
> BTW, a related syscall is modify_ldt(2).  You could want to research
> what programs use it, and consider restricting it as well.  Perhaps with
> a separate sysctl?

It starts to look like seccomp v2.

- but with capable(CAP_SYS_RAWIO) instead of just deny and static
syscalls list.  Will Drewry is trying to push his limiting patch with
ftrace-like syntax restrictions, but (a) it is not yet applied and (b)
it is not inherited by execve's:

If it was not limited to one task it would serve our needs :(

