| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070605225302.GE3723@sequoia.sous-sol.org> Date: Tue, 5 Jun 2007 15:53:03 -0700 From: Chris Wright <chrisw@...s-sol.org> To: Eric Paris <eparis@...hat.com> Cc: linux-kernel@...r.kernel.org, selinux@...ho.nsa.gov, Alan Cox <alan@...hat.com>, drepper@...hat.com, roland@...hat.com, arjan@...radead.org, mingo@...e.hu, viro@...iv.linux.org.uk, jmorris@...ei.org, chrisw@...hat.com, sds@...ho.nsa.gov, sgrubb@...hat.com Subject: Re: [PATCH] Protection for exploiting null dereference using mmap * Eric Paris (eparis@...hat.com) wrote: > One result of using the dummy hook for non-selinux kernels means that I > can't leave the generic module stacking code in the SELinux check. If > the secondary ops are called they will always deny the operation just > like in non-selinux systems even if SELinux policy would have allowed > the action. This patch may be the first step to removing the arbitrary > LSM module stacking code from SELinux. I think history has shown the > arbitrary module stacking is not a good idea and eventually I want to > pull out all the secondary calls which aren't used by the capability > module, so I view this as just the first step along those lines. Or replace them all with direct library calls to the capability code. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists