| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Jul 2007 15:46:02 -0700 (PDT) From: Davide Libenzi <davidel@...ilserver.org> To: Ulrich Drepper <drepper@...il.com> cc: Rik van Riel <riel@...hat.com>, Andy Isaacson <adi@...apodia.org>, Kyle Moffett <mrmacman_g4@....com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [patch 0/4] MAP_NOZERO v2 - VM_NOZERO/MAP_NOZERO early summer madness On Mon, 2 Jul 2007, Ulrich Drepper wrote: > On 7/2/07, Rik van Riel <riel@...hat.com> wrote: > > That should not happen. The default SELinux configuration > > in Fedora (and Debian?) runs a few daemons in their own > > restricted modes and has most of the system running in > > unconfined_t, including the majority of user programs. > > This is the state as of F7. This will change hopefully soon. > Programs like firefox run by normal users must be confined, to. Any > tests using security must be fast, it's not something which is done > only for a few apps. The strong requirement would be that the cookie is not a bit longer than sizeof(unsigned long). For the "equality" check, this better be "==", although it could be abstracted in a function/macro that SeLinux implements in a different way. But this "equality" check is done a page-fault time, so it better be pretty quick (otherwise if they bloat that path, they probably be better of not using MAP_NOZERO at all). - Davide - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists