hidden by default

Submit your RBAC policies or suggest policy improvements

hidden by default

Postby KDE » Sun Jul 22, 2012 5:44 am

current grsec requires to list all hidden directories and files with mark "h",
if some directory is forgotten it remains readable, which can be big security hole
It would be more secure if all directories and files would be hidden by default except listed ones
/lib64 with mark "r" - directory is readable, but its subdirectories are hidden
/usr/lib64 with marks "Rr" - directory and its subdirectories are readable
Posts: 57
Joined: Sat Feb 09, 2008 5:29 am

Return to RBAC policy development