Re: unexporting sys_call_table a good idea?

Kasper Dupont (kasperd@daimi.au.dk)
Tue, 01 Apr 2003 08:53:19 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Martin J. Bligh: "Re: Convert APIC to driver model: now it works with SMP"
Previous message: Greg KH: "Re: lm sensors sysfs file structure"
Maybe in reply to: Paul Clements: "unexporting sys_call_table a good idea?"

Pete Zaitcev wrote:
>
> Wouldn't it be easier just to add a sysctl
> which disables ptrace, instead?

I have been considering that. I'd suggest this would be more than
just a boolean. I could imagine using the lowermost bit to decide
if ptrace is allowed for root, and the next bit to decide if
ptrace is allowed for other users. But do we really want this
sysctl? When do we expect the next root exploit in ptrace?

-- 
Kasper Dupont -- der bruger for meget tid på usenet.
For sending spam use mailto:aaarep@daimi.au.dk
for(_=52;_;(_%5)||(_/=5),(_%5)&&(_-=2))putchar(_);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Martin J. Bligh: "Re: Convert APIC to driver model: now it works with SMP"
Previous message: Greg KH: "Re: lm sensors sysfs file structure"
Maybe in reply to: Paul Clements: "unexporting sys_call_table a good idea?"