Hello, I've been following this list for quite a while, and attended the BoF at DC. I've taken many of your theories into account when beginning to work on PRFW, the set of hooks for the FreeBSD operating system. I know this surely is not a FreeBSD hook mailing list, but perhaps you'd be interested to compare, and I'd be glad to hear your feedback. One thing I added in my hooks implementation is the ability to have per-process hooks, for example, you might have process A return EPERM when it tries to setuid(), and you can tell process B that it can only use SOCKET() if it is PF_LOCAL. These rules also propagate through children. Here is the website for it: http://www.freesoftware.fsf.org/jailuser/ (Even though it is hosted by savannah.gnu.org, it is certanly not part of the GNU project nor even GPL'd. It is BSDL. I chose savannah because it is certanly better than soruceforge and I helped with it .. heh ;) ) I have posted a preliminary patch and a howto, if you want to look. Sorry again if this seems out of place, wondered if you were curious about it :-) -- ----------------------------------- Evan Sarmiento | www.open-root.org emsat_private | www.sekt7.org/~ems/ ----------------------------------- _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 16:40:44 PDT