From owner-freebsd-hackers Sat Nov 6 17:30:20 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from dustdevil.waterspout.com (dustdevil.waterspout.com [208.13.60.151]) by hub.freebsd.org (Postfix) with ESMTP id 5CEEB14F16 for ; Sat, 6 Nov 1999 17:30:18 -0800 (PST) (envelope-from csg@waterspout.com) Received: by dustdevil.waterspout.com (Postfix, from userid 1000) id 5AEF19F; Sat, 6 Nov 1999 20:30:17 -0500 (EST) Date: Sat, 6 Nov 1999 20:30:17 -0500 From: "C. Stephen Gunn" To: "Daniel C. Sobral" Cc: freebsd-hackers@freebsd.org, ajk@waterspout.com Subject: Re: exec() security enhancement Message-ID: <19991106203017.A85082@dustdevil.waterspout.com> References: <199910302232.AAA16912@sirius.we.lc.ehu.es> <3824793E.CF39EF0B@newsguy.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i In-Reply-To: <3824793E.CF39EF0B@newsguy.com> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, Nov 07, 1999 at 03:53:50AM +0900, Daniel C. Sobral wrote: > [and, as you said, the same goes for nosuid -- and for nodev too] > > This doesn't enhance security. It enhances auditability. I like > this. Add a syslog, and a sysctl to turn it on or off. It seems > straight-forward and light-weight. Send the patches. :-) I quickly wrote the code to do this this evening. Its almost ready to be contributed. What should the sysctl ndoes be named? These really implement similar functionality to net.inet.{tcp|udp}.log_in_vain, but obviously don't belong under net. What about something like "kern.audit.*"? There are probably several other areas that we could increase the kernel's verbosity, and put the sysctls under there. Comments? Suggestions? - Steve -- C. Stephen Gunn URL: http://www.waterspout.com/ WaterSpout Communications, Inc. Email: csg@waterspout.com 427 North 6th Street Phone: +1 765.742.6628 Lafayette, IN 47901 Fax: +1 765.742.0646 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message