| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Jun 2009 09:28:44 -0700 (PDT) From: Linus Torvalds <torvalds@...ux-foundation.org> To: Eric Paris <eparis@...isplace.org> cc: Christoph Lameter <cl@...ux-foundation.org>, "Larry H." <research@...reption.com>, linux-mm@...ck.org, Alan Cox <alan@...rguk.ukuu.org.uk>, Rik van Riel <riel@...hat.com>, linux-kernel@...r.kernel.org, pageexec@...email.hu Subject: Re: Security fix for remapping of page 0 (was [PATCH] Change ZERO_SIZE_PTR to point at unmapped space) On Wed, 3 Jun 2009, Eric Paris wrote: > > As I recall the only need for CONFIG_SECURITY is for the ability to > override the check. No, if you have SECURITY disabled entirely, the check goes away. If you have SECURITY on, but then use the simple capability model, the check is there. If you have SECURITY on, and then use SElinux, you can make it be dynamic. > I think I could probably pretty cleanly change it to use > CAP_SYS_RAWIO/SELinux permissions if CONFIG_SECURITY and just allow it > for uid=0 in the non-security case? We probably should, since the "capability" security version should generally essentially emulate the regular non-SECURITY case for root. Linus -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists