| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20111023162159.80444iahzf390vi8@guarana.org> Date: Sun, 23 Oct 2011 16:21:59 +1100 From: Kevin Easton <kevin@...rana.org> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Roland McGrath <roland@...k.frob.com>, Andrew Morton <akpm@...ux-foundation.org>, James Morris <jmorris@...ei.org>, Eric Paris <eparis@...isplace.org>, Stephen Smalley <sds@...ho.nsa.gov>, selinux@...ho.nsa.gov, John Johansen <john.johansen@...onical.com>, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 1/2] LSM: Do not apply mmap_min_addr check to PROT_NONE mappings Quoting Linus Torvalds <torvalds@...ux-foundation.org>: > [ Resent, this seems to have gotten dropped by something. Sorry if it > shows up twice ] My fault, looks like lkml.org trims the CC list to an unreasonably small value. > On Sun, Oct 23, 2011 at 2:08 AM, Kevin Easton <kevin@...rana.org> wrote: >> >> Won't this still allow silent probing, because the malicious user can >> just try to create the mapping, then check in /proc/self/maps to see >> if it really worked? > > Yup, right you are. > > So we shouldn't do that either, and probably just leave the current > semantics, unless Roland (or others) can convince me that complicating > the kernel mmap security model really is worth it. > > Linus -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists