[Gllug] Restricting Process Visibility

- Tethys tethys at gmail.com
Wed May 17 15:30:51 UTC 2006


On 5/17/06, Steve Nelson <sanelson at gmail.com> wrote:

> > ps. On a more constructive note, SELinux sprang to mind.
> > But I guess that only grants you or denies you the right to look
> > at things in /proc
>
> Which would be a big step forward... but RHEL 3 / 2.4 kernel doesn't
> have SELinux :(

Yeah, I thought about SELinux initially, and also systrace, which is
probably a better option. But I don't think either of them allows
conditional policy decisions in that way, which is what would be
needed here. What you want is the ability to say:

- a request has been made to open() a file in /proc [1]
- permit the syscall to continue if:
  - the file is owned by the current user
  - the file is under /proc/foo, where foo is numeric

Systrace can conditionally permit/deny the syscall based on substring
matching in the arguments, but we need more than that in this
situation.

Tet

[1] ...and also getdents()/readdir() etc.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
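
As an added illustration (not part of the original message), the conditional check described above can be modelled in userspace C. It covers only the open() path decision, not getdents()/readdir(); the function names are hypothetical, and rejecting ".." components is an added assumption that shows why substring matching on the argument is not enough.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* All names here are hypothetical; this is a model, not systrace or SELinux. */

/* Rule: path is /proc/<digits> or /proc/<digits>/..., with no ".." component. */
static int under_numeric_proc_dir(const char *path)
{
    const char *p;

    if (strncmp(path, "/proc/", 6) != 0)
        return 0;
    p = path + 6;
    if (!isdigit((unsigned char)*p))
        return 0;                       /* /proc/cpuinfo, /proc/self, ... */
    while (isdigit((unsigned char)*p))
        p++;
    if (*p != '\0' && *p != '/')
        return 0;                       /* /proc/123abc is not a PID directory */
    for (; *p; p++)                     /* a prefix match alone would pass /proc/123/../x */
        if (p[0] == '/' && p[1] == '.' && p[2] == '.' && (p[3] == '/' || p[3] == '\0'))
            return 0;
    return 1;
}

/* Pure decision: both conditions from the list must hold. */
static int policy_decide(const char *path, const struct stat *st, uid_t caller)
{
    return under_numeric_proc_dir(path) && st->st_uid == caller;
}

/* Looks up the owner with lstat() and applies the decision; deny on any error. */
static int proc_open_permitted(const char *path, uid_t caller)
{
    struct stat st;

    if (!under_numeric_proc_dir(path) || lstat(path, &st) != 0)
        return 0;
    return policy_decide(path, &st, caller);
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s %s\n", proc_open_permitted(argv[i], getuid()) ? "permit" : "deny", argv[i]);
    return 0;
}
```

A check made on the path before the real open() is racy, so an enforcing implementation would need to make the decision on the object actually opened.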



