[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LRH.2.00.0907221953190.15799@tundra.namei.org>
Date: Wed, 22 Jul 2009 20:06:47 +1000 (EST)
From: James Morris <jmorris@...ei.org>
To: James Carter <jwcart2@...ho.nsa.gov>
cc: Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov,
Stephen Smalley <sds@...ho.nsa.gov>, spender@...ecurity.net,
Daniel J Walsh <dwalsh@...hat.com>, cl@...ux-foundation.org,
Arjan van de Ven <arjan@...radead.org>,
Alan Cox <alan@...rguk.ukuu.org.uk>, kees@...flux.net,
Chad Sellers <csellers@...sys.com>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Subject: Re: mmap_min_addr and your local LSM (ok, just SELinux)
On Tue, 21 Jul 2009, James Carter wrote:
> Agreed. That guarantee has been stated from the very beginning for
> SELinux; we shouldn't move away from it. Are there other places where
> having an LSM weakens security by default?
There's a similar form of hook in vm_enough_memory, but the SELinux module
calls the DAC capability check first, so it seems ok from a policy
writer's point of view (i.e. worst case is they revert to DAC).
- James
--
James Morris
<jmorris@...ei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists