Date: Fri, 10 Sep 1999 14:36:53 +0200 (CEST) From: Andrzej Bialecki <abial@webgiro.com> To: Daniel O'Connor <doconnor@gsoft.com.au> Cc: Jason Young <doogie@anet-stl.com>, Gustavo V G C Rios <grios@ddsecurity.com.br>, freebsd-hackers@FreeBSD.ORG, chris@calldei.com Subject: RE: CS Project Message-ID: <Pine.BSF.4.05.9909101433280.16848-100000@freja.webgiro.com> In-Reply-To: <XFMail.990909163723.doconnor@gsoft.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 9 Sep 1999, Daniel O'Connor wrote: > > On 09-Sep-99 Jason Young wrote: > > After some thought, I think the mount option idea is best. I hadn't > > thought of that before. One might want to apply different procfs > > security policies to different mounts of procfs, especially in a > > jail() situation. Good call. > > Yeah, you'd have to make sure procfs doesn't mind being mounted multiple times, > something I'm not sure is true. Also, don't forget about sysctl. kvm will defend itself with permissions on /dev/kme, but sysctl is available for reading to anyone (see src/release/picobsd/tinyware/sps to see what i mean). Andrzej Bialecki // <abial@webgiro.com> WebGiro AB, Sweden (http://www.webgiro.com) // ------------------------------------------------------------------- // ------ FreeBSD: The Power to Serve. http://www.freebsd.org -------- // --- Small & Embedded FreeBSD: http://www.freebsd.org/~picobsd/ ---- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9909101433280.16848-100000>