| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LRH.2.00.0907221953190.15799@tundra.namei.org> Date: Wed, 22 Jul 2009 20:06:47 +1000 (EST) From: James Morris <jmorris@...ei.org> To: James Carter <jwcart2@...ho.nsa.gov> cc: Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov, Stephen Smalley <sds@...ho.nsa.gov>, spender@...ecurity.net, Daniel J Walsh <dwalsh@...hat.com>, cl@...ux-foundation.org, Arjan van de Ven <arjan@...radead.org>, Alan Cox <alan@...rguk.ukuu.org.uk>, kees@...flux.net, Chad Sellers <csellers@...sys.com>, Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp> Subject: Re: mmap_min_addr and your local LSM (ok, just SELinux) On Tue, 21 Jul 2009, James Carter wrote: > Agreed. That guarantee has been stated from the very beginning for > SELinux; we shouldn't move away from it. Are there other places where > having an LSM weakens security by default? There's a similar form of hook in vm_enough_memory, but the SELinux module calls the DAC capability check first, so it seems ok from a policy writer's point of view (i.e. worst case is they revert to DAC). - James -- James Morris <jmorris@...ei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists