| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Mar 2013 11:59:42 -0400 From: Vivek Goyal <vgoyal@...hat.com> To: Mimi Zohar <zohar@...ux.vnet.ibm.com> Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, dmitry.kasatkin@...el.com, akpm@...ux-foundation.org, ebiederm@...ssion.com, Al Viro <viro@...IV.linux.org.uk> Subject: Re: [PATCH 4/4] binfmt_elf: Elf executable signature verification On Tue, Mar 19, 2013 at 10:39:01AM -0400, Mimi Zohar wrote: [..] > > Lastly, adding 'VM_LOCKED' here seems to change existing, expected > behavior. According to the mlock(2) man pages, "Memory locks are not > inherited by a child created via fork(2) and are automatically removed > (unlocked) during an execve(2) or when the process terminates." Someone > else needs to comment on this sort of change. Andrew? Al? I think removing locks during execve() makes sense. New executable will get its own locked memory and it is not dependent on memory areas locked before execve(). fork() is more interesting though. I guess we could just reset the "signed" bit of forked process. So it does not inherit it from parent. And when forked process does exec() it will lock its own memory areas and get "signed" bit if signatuer verification was successful. So looks like exeisting memory lock behavior on fork()/execve() will be fine. Thanks Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists