Re: OWL module implementation

From: Jonathan Heusser (jonnyat_private)
Date: Wed Mar 26 2003 - 06:30:17 PST

  • Next message: Stephen D. Smalley: "Re: [PATCH][RFC] Remove kmod_set_label hook"

    Crispin Cowan wrote:
    
    > Basically, OWLSM implements what it can and what is needed.
    >
    > It also got used as a place to implement a "no ptrace for root 
    > processes" hack. I'm not sure if that hack is in the BK published 
    > version or not, but it should be. 
    
    I don't really see which features get implemented by which module .. or 
    is there no strict separation
    between the tasks of the modules 'capability' and 'owlsm' ?
    
    For instance "no ptrace for root processes" might as well fit in the 
    capabilities module in my opinion.
    
    > OWLSM is a good place to add pathology-prevention hacks that are 
    > beneficial to a production server, but a little too intrusive to be a 
    > native Linux kernel enhancement. So if you have a suggestion for 
    > another pathology prevention feature, consider adding it to OWLSM. 
    
    ok :->.
    
    thanks,
    Jonathan
    --
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Mar 26 2003 - 04:29:30 PST