Trac is being migrated to new services! Issues can be found in our new
YouTrack instance and WIKI pages can be found on our
website.
- Timestamp:
-
Aug 21, 2015, 8:38:58 PM (8 years ago)
- Author:
-
mmcco
- Comment:
-
more on how to find privsep entry points
Legend:
- Unmodified
- Added
- Removed
- Modified
-
|
v64
|
v65
|
|
| 158 | 158 | * packagers and OS/distro developers use this to write good MAC profiles |
| 159 | 159 | |
| 160 | | ''Anecdotally, it'd be nice to start the convention of using a tag like `PRIVSEP` in code to help packagers find points of potential lockdown. Lacking these, searching for `fork()` and `exec()`-family functions with cscope or something similar is a good approach. |
| | 160 | ''Anecdotally, it'd be nice to start the convention of using a tag like `PRIVSEP` in code to help packagers find points of potential lockdown. Lacking these, searching for `fork()` and `exec()`-family functions with cscope or something similar is a good approach. Beyond that, running the program in a debugger and breaking on new process creation is educational, as is understanding its initialization and `main()` logic well.'' |
| 161 | 161 | |
| 162 | 162 | === Breakages === |
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!
