Date: Sat, 6 Nov 1999 20:30:17 -0500 From: "C. Stephen Gunn" <csg@dustdevil.waterspout.com> To: "Daniel C. Sobral" <dcs@newsguy.com> Cc: freebsd-hackers@freebsd.org, ajk@waterspout.com Subject: Re: exec() security enhancement Message-ID: <19991106203017.A85082@dustdevil.waterspout.com> In-Reply-To: <3824793E.CF39EF0B@newsguy.com> References: <199910302232.AAA16912@sirius.we.lc.ehu.es> <3824793E.CF39EF0B@newsguy.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Nov 07, 1999 at 03:53:50AM +0900, Daniel C. Sobral wrote:
> [and, as you said, the same goes for nosuid -- and for nodev too]
>
> This doesn't enhance security. It enhances auditability. I like
> this. Add a syslog, and a sysctl to turn it on or off. It seems
> straight-forward and light-weight. Send the patches. :-)
I quickly wrote the code to do this this evening. Its almost
ready to be contributed.
What should the sysctl ndoes be named? These really implement
similar functionality to net.inet.{tcp|udp}.log_in_vain, but
obviously don't belong under net.
What about something like "kern.audit.*"?
There are probably several other areas that we could increase
the kernel's verbosity, and put the sysctls under there.
Comments? Suggestions?
- Steve
--
C. Stephen Gunn URL: http://www.waterspout.com/
WaterSpout Communications, Inc. Email: csg@waterspout.com
427 North 6th Street Phone: +1 765.742.6628
Lafayette, IN 47901 Fax: +1 765.742.0646
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991106203017.A85082>