From owner-freebsd-hackers Fri Sep 10 5:36:30 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from freja.webgiro.com (freja.webgiro.com [212.209.29.10]) by hub.freebsd.org (Postfix) with ESMTP id 7948B15028 for ; Fri, 10 Sep 1999 05:36:18 -0700 (PDT) (envelope-from abial@webgiro.com) Received: by freja.webgiro.com (Postfix, from userid 1001) id 5B6E21914; Fri, 10 Sep 1999 14:36:58 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by freja.webgiro.com (Postfix) with ESMTP id 584FB49D3; Fri, 10 Sep 1999 14:36:58 +0200 (CEST) Date: Fri, 10 Sep 1999 14:36:53 +0200 (CEST) From: Andrzej Bialecki To: Daniel O'Connor Cc: Jason Young , Gustavo V G C Rios , freebsd-hackers@FreeBSD.ORG, chris@calldei.com Subject: RE: CS Project In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 9 Sep 1999, Daniel O'Connor wrote: > > On 09-Sep-99 Jason Young wrote: > > After some thought, I think the mount option idea is best. I hadn't > > thought of that before. One might want to apply different procfs > > security policies to different mounts of procfs, especially in a > > jail() situation. Good call. > > Yeah, you'd have to make sure procfs doesn't mind being mounted multiple times, > something I'm not sure is true. Also, don't forget about sysctl. kvm will defend itself with permissions on /dev/kme, but sysctl is available for reading to anyone (see src/release/picobsd/tinyware/sps to see what i mean). Andrzej Bialecki // WebGiro AB, Sweden (http://www.webgiro.com) // ------------------------------------------------------------------- // ------ FreeBSD: The Power to Serve. http://www.freebsd.org -------- // --- Small & Embedded FreeBSD: http://www.freebsd.org/~picobsd/ ---- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message