crtxcr/exile.h
1
0
Atdalīts 0
Kods Problēmas 14 Izmaiņu pieprasījumi 1 Laidieni Vikivietne Aktivitāte

Allow adding syscalls by group names #18

Jauna problēma
Slēgta
crtxcr atvēra 2021-09-06 22:35:05 +02:00 · 1 komentārs
crtxcr komentēja 2021-09-06 22:35:05 +02:00
Īpašnieks
Kopēt saiti

If you add "open", there is a chance you also want to block "openat"...

So make this easy by allow adding system call by group names to the policy.

Also, maybe take some inspiration from pledge().

If you add "open", there is a chance you also want to block "openat"... So make this easy by allow adding system call by group names to the policy. Also, maybe take some inspiration from pledge().
crtxcr pievienoja
enhancement
 iezīmi 2021-09-06 22:35:05 +02:00
crtxcr komentēja 2021-09-18 22:55:42 +02:00
Autors
Īpašnieks
Kopēt saiti

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet.

Thus, we may habe to auto blacklist all those that we do not know.

Alternatively, adding syscalls by groups should only be allowed for whitelisting?

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet. Thus, we may habe to auto blacklist all those that we do not know. Alternatively, adding syscalls by groups should only be allowed for whitelisting?
crtxcr slēdza šo problēmu 2021-11-20 19:52:05 +01:00
Nepieciešams pieteikties, lai pievienotos šai sarunai.
Nav norādīts atzars/tags
Atzari Tagi
Iezīmes
Noņemt iezīmes
bug
Something is not working
duplicate
This issue or pull request already exists
enhancement
New feature
help wanted
Need some help
invalid
Something is wrong
question
More information is needed
wontfix
This won't be fixed
Nav iezīmju
enhancement
Atskaites punkts
Nav vienumu
Nav atskaites punktu
Atbildīgie
Noņemt atbildīgo
crtxcr
Nav atbildīgo
1 dalībnieki
Paziņojumi
Izpildes termiņš
Izpildes termiņš nav uzstādīts.
Atkarības

Nav atkarību.

Atsaucas uz: crtxcr/exile.h#18
Nav sniegts apraksts.
Dzēst atzaru "%!s()"

Atzara dzēšana ir neatgriezeniska. Kaut arī izdzēstais zars neilgu laiku var turpināt pastāvēt, pirms tas tiešām tiek noņemts, to vairumā gadījumu NEVAR atsaukt. Vai turpināt?