Re: [RFC][PATCH} 2.6 and grsecurity

From: Martin Waitz (tali_at_admingilde.org)
Date: 02/17/04

    Date:	Tue, 17 Feb 2004 15:23:33 +0100
    To: Valdis.Kletnieks@vt.edu
    
    
    

    hi :)

    On Mon, Feb 16, 2004 at 08:34:17PM -0500, Valdis.Kletnieks@vt.edu wrote:
    > spin_lock_bh(&inet_peer_idlock);
    > - id = p->ip_id_count;
    > +#ifdef CONFIG_SECURITY_RANDID
    > + if (security_enable_randid)
    > + id = ip_randomid();
    > + else
    > +#endif
    > + id = p->ip_id_count;
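
    Review bot: ip_randomid() on the "+ id = ip_randomid();" line is called while inet_peer_idlock is held via the spin_lock_bh() context line, although that branch never touches p. Either take the lock only on the else path that reads p->ip_id_count, or add a comment stating that ip_randomid() is safe to call with this lock held and bottom halves disabled. The "+ else" left dangling in front of "+#endif" is also easy to break on a later edit; bracing both branches, or moving the condition behind a helper, would avoid that.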

    you could #define security_enable_* to 0 when CONFIG_SECURITY_*
    is disabled. that way you don't need the ugly #ifdef in the .c file

    on the other hand, why does one need a syscall anyway?
    only to justify the existence of some ugly lockdown mode?

    well, why make it even configurable?
    either it increases security, then by all means: enable it
    unconditionally;
    or it doesn't increase security, and why do we need it then?

    -- 
    CU,		  / Friedrich-Alexander University Erlangen, Germany
    Martin Waitz	//  Department of Computer Science 12      _________
    ______________/// - - - - - - - - - - - - - - - - - - - - ///
    this is a manually generated mail, it contains           //
    typos and is valid even without capital letters.        /
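
The suggestion in the reply above (define security_enable_* to 0 when the option is off, so the .c file needs no #ifdef), sketched as a userspace model. This is an added example, not code from the patch or from grsecurity: struct inet_peer_model, select_ip_id(), randid_calls and the xorshift body of ip_randomid() are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdio.h>

/* Build-time option; comment out to model a kernel built without it. */
#define CONFIG_SECURITY_RANDID 1

/* ---- would live in a shared header ---- */
#ifdef CONFIG_SECURITY_RANDID
static int security_enable_randid = 1;   /* runtime switch */
static unsigned randid_calls;            /* hypothetical counter, demo only */
static uint16_t model_state = 0xACE1u;   /* constructed seed */

/* Constructed stand-in: a 16-bit xorshift, NOT a secure ID generator. */
static uint16_t ip_randomid(void)
{
    randid_calls++;
    model_state ^= model_state << 7;
    model_state ^= model_state >> 9;
    model_state ^= model_state << 8;
    return model_state;
}
#else
/* Constant 0: the compiler can discard the branch at the call site. */
#define security_enable_randid 0
/* The call must still compile, so the header also supplies a stub. */
static inline uint16_t ip_randomid(void) { return 0; }
#endif

/* Hypothetical stand-in for the peer entry that holds ip_id_count. */
struct inet_peer_model { uint16_t ip_id_count; };

/* ---- call site in the .c file: no #ifdef ---- */
static uint16_t select_ip_id(const struct inet_peer_model *p)
{
    uint16_t id;

    if (security_enable_randid)
        id = ip_randomid();
    else
        id = p->ip_id_count;
    return id;
}

int main(void)
{
    struct inet_peer_model peer = { .ip_id_count = 0x1234 };

    printf("id = 0x%04x\n", (unsigned)select_ip_id(&peer));
    return 0;
}
```

The disabled branch needs the stub as well as the constant: the call site is still parsed when the option is off, so ip_randomid() must at least be declared.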
    
    
