| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.64.0706271954030.5213@alien.or.mcafeemobile.com> Date: Wed, 27 Jun 2007 19:58:09 -0700 (PDT) From: Davide Libenzi <davidel@...ilserver.org> To: Nicholas Miell <nmiell@...cast.net> cc: Hugh Dickins <hugh@...itas.com>, Ulrich Drepper <drepper@...il.com>, blaisorblade@...oo.it, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [patch 2/3] MAP_NOZERO - implement sys_brk2() On Wed, 27 Jun 2007, Davide Libenzi wrote: > On Wed, 27 Jun 2007, Nicholas Miell wrote: > > > 1) euid is not sufficient, you need to store away arbitrary LSM > > information and call LSM hooks to decide security equivalence. The same > > applies to VServer or whatever other container system you use. > > The EUID that is used now, can easily be any cookie. It can be an LSM > cookie (if LSM is active in the system). We don't do complex checks, like > group permission & Co. We assume that if a UID-cookie had such data > available (or it generated it), it can have it back uncleared. (looking through the LSM/SeLinux jungle) Also, LSM/SeLinux could disable completely the feature, at request. Just assign a known-to-be-invalid UID to mm->owner_uid (passign through an(other) hook), and pages will never be recycled. - Davide - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists