find /proc/| grep grse
/proc/sys/fs/grsecurity
/proc/sys/fs/grsecurity/grsec_lock
/proc/sys/fs/grsecurity/tpe_restrict_all
/proc/sys/fs/grsecurity/tpe_gid
/proc/sys/fs/grsecurity/tpe
Вот такой вот частичный порт. Но обращаю внимание, что бОльшая часть фич Grsecurity не работает в OpenVZ по причине, что механизмы OpenVZ и Grsecurity часто перескаются.
Что же такое этот tpe?
Trusted path execution is another optional feature that can be used to prevent users from executing binaries that are not owned by the root user, or are world-writable. This is useful to prevent users from executing their own malicious binaries or accidentally executing world-writable system binaries that could have been modified by a malicious user.
Источник: http://wiki.openvz.org/Grsecurity
No comments :
Post a Comment
Note: only a member of this blog may post a comment.