| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4B0A5F8D.6090707@canonical.com> Date: Mon, 23 Nov 2009 02:10:21 -0800 From: John Johansen <john.johansen@...onical.com> To: Eric Paris <eparis@...hat.com> CC: David Howells <dhowells@...hat.com>, Andrew Morton <akpm@...ux-foundation.org>, graff.yang@...il.com, linux-kernel@...r.kernel.org, gyang@...ckfin.uclinux.org, uclinux-dist-devel@...ckfin.uclinux.org, Graff Yang <graf.yang@...log.com>, linux-security-module@...r.kernel.org, john.johansen@...onical.com Subject: Re: [PATCH] mm/nommu.c: Fix improperly call of security API in mmap Eric Paris wrote: > On Sat, 2009-11-21 at 00:16 +0000, David Howells wrote: >> Eric Paris <eparis@...hat.com> wrote: >> >>> +/* sec_flags for security_file_mmap */ >>> +#define SECURITY_MMAP_ADDR_ONLY 0x01 >>> +#define SECURITY_MMAP_NOT_ADDR 0x02 >> Please add comments to these to indicate what they're intended to convey. >> Would ADDR_ONLY be better as EXACT_ADDR? > > I think I should point out that this hook checks 2 things. Originally > it was only used to check if a file should be allowed to be mmaped. It > was later enhanced to check if the return address of mmap, if it is file > backed or anonymous, is acceptable. These flags only influence the > later. > > ADDR_ONLY means the security system should only check the address. > NOT_ADDR means they security system should not check the address. > > You need ADDR_ONLY when the hook is called on map that is not file > backed or where that has already been dealt with. You need NOT_ADDR > only for nommu where the whole idea of mmap_min_addr is pointless. > > I'm not sure what comments would convey.... > > /* security hook should only check the address */ > #define SECURITY_MMAP_ADDR_ONLY 0x01 > /* security hook should not check the address */ > #define SECURITY_MMAP_NOT_ADDR 0x02 > > Does that add something? > > Still haven't heard where people scream they absolutely need this today, > so I'm going to ask James to carry it in his for-next tree. > The comments convey a tad more but I don't think they are necessary, and I concur, it would be good if it went into the for-next tree. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists