Socket restriction feature request

Discuss and suggest new grsecurity features

Socket restriction feature request

Postby hgl » Thu Aug 01, 2013 11:39 am

Hi,

as far as i know, the socket restrictions in grsec (inside the kernel) are based on the group id at the moment.
Is it possible to compile a whitelist with pathnames of trusted progs into the kernel, to deny socket creation to the rest?

Best regards (and thx for this great project)
hgl
hgl
 
Posts: 1
Joined: Thu Aug 01, 2013 10:51 am

Re: Socket restriction feature request

Postby spender » Thu Aug 01, 2013 6:49 pm

You will need RBAC for this.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to grsecurity development