Date: Tue, 12 Dec 2017 16:44:52 +0100
From: Tomáš Trnka <trnka@....com>
To: linux-kernel@...r.kernel.org
Cc: Kees Cook <keescook@...omium.org>
Subject: Re: System-wide hard RLIMIT_STACK in 4.14.4+ w/ SELinux

> Of course this can be somewhat worked around by adjusting the SELinux policy
> (allowing blanket noatsecure permission for init_t and possibly others) or
> by pam_limits (for components using PAM).

Correction: pam_limits also usually doesn't help here, as it's often followed
by another secureexec (for example when login (local_login_t) executes the
shell with transition to unconfined_t).

2T