UidSEC LSM

This module extends the standard UN*X "resource protection" model, adding some features useful for untrusted multiuser systems.

Current features

  • Deny usage of dmesg to unprivileged users
  • Hide processes of "other users" from unprivileged users (example: sam can only see his own processes during a 'top' or a 'ps aux')
  • Deny access to /sys and /config to unprivileged users
  • Protect usage of the bind() syscall using UidBIND
  • Assign a group that can use dmesg and see all system processes

  • You can download the uidsec module from here:
    uidsec-lsm-0.1.tar.gz


    You need (obviously) the LSM framework and (if you want bind() protection) a system with configfs enabled:
    	root@hell: modprobe configfs
    	root@hell: mount -t configfs none /config
    	

    POWERED BY UNBIT