Wojtek schrieb am 04. Jun 2009 um 13:57:07 CEST:
> Hi,
>
> blocking access with file permissions seems for me risky - we thought
> about it to. The reason: complexity of dependencies.
>
> That's why we wanted some kind of clean separation like VM or other kind
> of virtualisiation/separation of ressources.
>
> Our system is for users :) So we will not block the access.
> But... There are also privacy rights.
There are kernel patches just for this kind of security enhancements. Have a
look at:
http://www.grsecurity.net/index.php
http://en.wikibooks.org/wiki/Grsecurity
These patches restrict the access to /proc only to the user's own processes.
We used this some time ago in kernel 2.4 times. It works nice.
Helmut
--
-------------------------------------------------------------------------
Helmut Lichtenberg <[email protected]> Tel.: 05034/871-128
Institut für Nutztiergenetik (FLI) 31535 Neustadt Germany
-------------------------------------------------------------------------
------------------------------------------------------------------------------
OpenSolaris 2009.06 is a cutting edge operating system for enterprises
looking to deploy the next generation of Solaris that includes the latest
innovations from Sun and the OpenSource community. Download a copy and
enjoy capabilities such as Networking, Storage and Virtualization.
Go to: http://p.sf.net/sfu/opensolaris-get
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
