lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200907211331.50196.arnd@arndb.de>
Date:	Tue, 21 Jul 2009 13:31:50 +0200
From:	Arnd Bergmann <arnd@...db.de>
To:	Kyle McMartin <kyle@...artin.ca>
Cc:	Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov,
	sds@...ho.nsa.gov, jmorris@...ei.org, spender@...ecurity.net,
	dwalsh@...hat.com, cl@...ux-foundation.org, arjan@...radead.org,
	alan@...rguk.ukuu.org.uk
Subject: Re: mmap_min_addr and your local LSM (ok, just SELinux)

On Tuesday 21 July 2009, Kyle McMartin wrote:
> 
> Why do we not add a personality flag for this? With that, at least you
> could require a harmless setuid wrapper for wine that just set the
> personality bits and dropped root.

I thought the MMAP_PAGE_ZERO personality bit was exactly what Brad
was using in his demonstration. We don't need to define a new bit,
just use the one that's there ;-).

Then again, setting personality flags does not require root permissions
normally, so it's not an extremely strong protection, unless you also
start requiring CAP_SYS_RAWIO for setting MMAP_PAGE_ZERO.

	Arnd <><
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ