[grsec] idea: auto-globbing on libs with version numbers in filename using a regex
Marc Schiffbauer
marc at schiffbauer.net
Fri Apr 1 06:18:36 EST 2005
Hi Brad,

would it make sense to you to implement some kind of auto-globbing
for some files, maybe configured through learn_config?

I personally do not like the fact that updating of some library to a
newer version will make binaries linked against them unusable until
I update the grsec policy...

Example:
full learning printed something like

    /usr/X11R6/lib/libX11.so.6.2 rx
    /usr/X11R6/lib/libXpm.so.4.11 rx

into the policy.

Now I think it would make sense (and not reduce security too much) to put

    /usr/X11R6/lib/libX11.so.* rx
    /usr/X11R6/lib/libXpm.so.* rx

into the policy instead so that future versions of that library will
work.

A config option with a regex like

    auto-glob /usr/X11R6/lib/lib.*\.so\.([0-9.]+)

where \1 will be replaced by * automagically would be another cool
feature... what do you think?

-Marc
--
-------------------------------------------
Take back the Net! http://www.anti-dmca.org
-------------------------------------------
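
One way the proposed rewrite could work as a post-processing pass over learning output; this is an added example, not gradm code and not part of the original message. The function names, the merge-by-union behaviour and the sample lines are assumptions made for illustration.

```python
import re

# Rule syntax assumed from the proposal: group 1 marks the version to replace with "*".
AUTO_GLOB_RULES = [r"/usr/X11R6/lib/lib.*\.so\.([0-9.]+)"]

# Constructed sample of learning output ("<path> <modes>" per line).
LEARNED = [
    "/usr/X11R6/lib/libX11.so.6.2 rx",
    "/usr/X11R6/lib/libXpm.so.4.11 rx",
    "/usr/X11R6/lib/libX11.so.6 r",
    "/usr/X11R6/lib/libX11.so.6.2.bak rw",
    "/etc/ld.so.cache r",
]


def auto_glob(path, rules):
    """Replace capture group 1 with '*' for the first rule matching the whole path."""
    for rule in rules:
        # fullmatch, not search: a rule must cover the entire path, so a
        # trailing suffix such as ".bak" is never swallowed by the glob.
        m = re.fullmatch(rule, path)
        if m:
            start, end = m.span(1)
            return path[:start] + "*" + path[end:]
    return path


def rewrite_policy(lines, rules):
    """Glob learned object lines; entries that collapse to one glob get the union of modes."""
    merged = {}  # globbed path -> modes, in first-seen order
    for line in lines:
        path, modes = line.split()
        key = auto_glob(path, rules)
        seen = merged.setdefault(key, "")
        merged[key] = seen + "".join(c for c in modes if c not in seen)
    return [f"{path} {modes}" for path, modes in merged.items()]


if __name__ == "__main__":
    print("\n".join(rewrite_policy(LEARNED, AUTO_GLOB_RULES)))
```

Entries that collapse onto one glob take the union of their modes, so the glob can grant more than a single learned line did (here the `r`-only `libX11.so.6` ends up covered by `rx`). The `.*` in the rule also spans `/`, so it reaches files in subdirectories such as `libfoo/plugin.so.1`; writing `[^/]*` instead keeps the rule to one directory.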