
Re: securelevel=3



On Thursday, May 14, stanislav shalunov wrote:
> 
> It might be useful to have some sort of securemask on per process
> basis (with a special system call that can _set_ some bits of
> it--there should be no way of clearing a bit, and it should be
> inherited by children).
> 
> Possible applications that I am seeing:
> 
> * Forbid (and log) all attempts to *fork();
> * Forbid (and log) all attempts to exec*();
> * Forbid (and log) all attempts to setsockopt(), connect(), and sendto();
> * Forbid (and log) all attempts to setsockopt(), accept(), and recvfrom();
> * Change open() semantics so that open does not follow symbolic links;
> * Change open() semantics so that files can be opened only for 
>   (a) reading; (b) appending; (c) with O_EXCL|O_TRUNC flags.

It would be nice to see this implemented.  I'm not sure, but there is a "class"
field in master.passwd, which could be used to point to a database of sorts,
which could be used by login, xdm, etc. for initializing this per-process field.
Of course, then some substantial changes to the kernel...


--Toby.
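The set-only, inherited per-process mask proposed in the quoted message, as an added simulation that is not code from this thread or from any BSD kernel: a `Process` carries a mask that the hypothetical `set_mask_bits` call can only add bits to, the mask is copied into children on fork, and the listed system calls consult it. The bit names, the `Process` class and the log wording are my own assumptions.

```python
import os
from enum import IntFlag

# Constructed bit layout; the post names the restrictions, not the bit values.
class SecureMask(IntFlag):
    NO_FORK = 1 << 0        # forbid (and log) fork()/vfork()
    NO_EXEC = 1 << 1        # forbid (and log) exec*()
    NO_NET_OUT = 1 << 2     # forbid setsockopt(), connect(), sendto()
    NO_NET_IN = 1 << 3      # forbid setsockopt(), accept(), recvfrom()
    OPEN_NOFOLLOW = 1 << 4  # open() must not follow symbolic links
    OPEN_RESTRICT = 1 << 5  # open() only for read, append, or O_EXCL|O_TRUNC

class Process:
    """Simulated process whose mask can gain bits but never lose them."""
    def __init__(self, pid, mask=SecureMask(0), log=None):
        self.pid = pid
        self._mask = mask                  # only set_mask_bits() touches this
        self.log = log if log is not None else []

    @property
    def mask(self):
        return self._mask

    def set_mask_bits(self, bits):
        """The proposed system call: OR bits in; no call exists to clear any."""
        self._mask |= SecureMask(bits)

    def _deny(self, syscall):
        self.log.append(f"pid {self.pid}: securemask forbids {syscall}")
        raise PermissionError(syscall)

    def fork(self, child_pid):
        if self._mask & SecureMask.NO_FORK:
            self._deny("fork()")
        # child gets a copy of the mask, so its later bits never reach the parent
        return Process(child_pid, self._mask, self.log)

    def execve(self, path):
        if self._mask & SecureMask.NO_EXEC:
            self._deny(f"execve({path})")
        return True

    def connect(self, addr):
        if self._mask & SecureMask.NO_NET_OUT:
            self._deny(f"connect({addr})")
        return True

    def open(self, path, flags):
        if self._mask & SecureMask.OPEN_NOFOLLOW:
            flags |= os.O_NOFOLLOW        # change semantics instead of denying
        if self._mask & SecureMask.OPEN_RESTRICT:
            read_only = (flags & os.O_ACCMODE) == os.O_RDONLY
            appending = bool(flags & os.O_APPEND)
            excl_trunc = (flags & (os.O_EXCL | os.O_TRUNC)) == (os.O_EXCL | os.O_TRUNC)
            if not (read_only or appending or excl_trunc):
                self._deny(f"open({path}, {flags:#x})")
        return flags                      # a real kernel would now perform the open
```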