| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090720204848.5f37c92a@infradead.org> Date: Mon, 20 Jul 2009 20:48:48 -0700 From: Arjan van de Ven <arjan@...radead.org> To: Eric Paris <eparis@...hat.com> Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov, sds@...ho.nsa.gov, jmorris@...ei.org, spender@...ecurity.net, dwalsh@...hat.com, cl@...ux-foundation.org, alan@...rguk.ukuu.org.uk Subject: Re: mmap_min_addr and your local LSM (ok, just SELinux) On Mon, 20 Jul 2009 19:23:43 -0400 Eric Paris <eparis@...hat.com> wrote: > > Does anyone see a better way to let users continue to be users while > protecting most people? Yes SELinux is stronger in some areas than > without confining the ability to map the 0 page, but as has be rightly > pointed out it's foolish an broken that SELinux can weaken any > protections. one option is to allow the page to be mapped, but only as non-executable... in DOS that memory isn't where code lives anyway... -- Arjan van de Ven Intel Open Source Technology Centre For development, discussion and tips for power savings, visit http://www.lesswatts.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists