Re: Port of secure fd handling to LSM

From: Greg KH (gregat_private)
Date: Mon Aug 06 2001 - 18:39:50 PDT

    On Mon, Aug 06, 2001 at 05:50:51PM -0700, richard offer wrote:
    > 
    > 
    > Attached is a quick port of that part of grsecurity (1.6) that deals with
    > handling fds 0,1,2 securely. (thanks to Matt Block for pointing out the 2.4
    > port).
    
    Nice.
    
    > Compile this and run it using strace,
    > 
    >     % strace ./sfd 1>&-
    > 
    > you'll see the value of fd changes from 1 to 3 when the module is present.
    
    Um, maybe I'm just too tired to realize it right now, but what security
    does this offer?  Just keeping userspace fds from being 0, 1, and 2?  Is
    this the same thing that OpenWall does?
    
    > Can we have our fds in now please ? :-)
    
    But didn't you just prove that they are not needed?  This patch doesn't
    need them.  I don't understand.
    
    > OffTopic:
    >     Should we create a new de-facto standard directory for policies to be
    > located in the kernel tree ? It would make it easier if we all had a single
    > location for them... 
    
    Good idea.  Anyone have a name that they like?
    
    greg k-h
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
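
The descriptor reuse that the quoted `strace ./sfd 1>&-` test exposes, shown from userspace as an added example. It is not the attached `sfd` program or the LSM patch, neither of which appears on this page. The function names are hypothetical, and the sanitizing step is a userspace analogue of keeping new descriptors out of 0, 1 and 2, not the module's implementation.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Added example; function names are hypothetical, not from the patch.
 * Pins any closed descriptor among 0, 1, 2 to /dev/null and returns the
 * number pinned, or -1 on failure. */
int sanitize_std_fds(void)
{
    int pinned = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            continue;                      /* descriptor is already open */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {                   /* defensive: force the slot */
            if (dup2(nfd, fd) == -1) { close(nfd); return -1; }
            close(nfd);
        }
        pinned++;
    }
    return pinned;
}

/* Close stdout as "1>&-" does, optionally sanitize, and report which
 * descriptor open() hands out. stdout is restored before returning. */
int fd_from_open_with_stdout_closed(int harden)
{
    fflush(stdout);
    int saved = dup(STDOUT_FILENO);
    if (saved == -1)
        return -1;
    close(STDOUT_FILENO);
    int ok = !harden || sanitize_std_fds() != -1;
    int fd = ok ? open("/dev/null", O_WRONLY) : -1;
    if (fd != -1)
        close(fd);
    dup2(saved, STDOUT_FILENO);            /* put the real stdout back */
    close(saved);
    return fd;
}

int main(void)
{
    printf("without sanitizing: fd %d\n", fd_from_open_with_stdout_closed(0));
    printf("after sanitizing:   fd %d\n", fd_from_open_with_stdout_closed(1));
    return 0;
}
```

Without sanitizing, the newly opened file lands on descriptor 1, so anything the program later writes to "stdout" goes into that file. With 0, 1 and 2 pinned first, the new descriptor is always above 2.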
    


