[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.2.01.0906030925480.4880@localhost.localdomain>
Date: Wed, 3 Jun 2009 09:28:44 -0700 (PDT)
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Eric Paris <eparis@...isplace.org>
cc: Christoph Lameter <cl@...ux-foundation.org>,
"Larry H." <research@...reption.com>, linux-mm@...ck.org,
Alan Cox <alan@...rguk.ukuu.org.uk>,
Rik van Riel <riel@...hat.com>, linux-kernel@...r.kernel.org,
pageexec@...email.hu
Subject: Re: Security fix for remapping of page 0 (was [PATCH] Change
ZERO_SIZE_PTR to point at unmapped space)
On Wed, 3 Jun 2009, Eric Paris wrote:
>
> As I recall the only need for CONFIG_SECURITY is for the ability to
> override the check.
No, if you have SECURITY disabled entirely, the check goes away.
If you have SECURITY on, but then use the simple capability model, the
check is there.
If you have SECURITY on, and then use SElinux, you can make it be dynamic.
> I think I could probably pretty cleanly change it to use
> CAP_SYS_RAWIO/SELinux permissions if CONFIG_SECURITY and just allow it
> for uid=0 in the non-security case?
We probably should, since the "capability" security version should
generally essentially emulate the regular non-SECURITY case for root.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists