[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.20.1706121929430.1911@nanos>
Date: Mon, 12 Jun 2017 19:32:30 +0200 (CEST)
From: Thomas Gleixner <tglx@...utronix.de>
To: Salvatore Mesoraca <s.mesoraca16@...il.com>
cc: linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
kernel-hardening@...ts.openwall.com,
Brad Spengler <spender@...ecurity.net>,
PaX Team <pageexec@...email.hu>,
Casey Schaufler <casey@...aufler-ca.com>,
Kees Cook <keescook@...omium.org>,
James Morris <james.l.morris@...cle.com>,
"Serge E. Hallyn" <serge@...lyn.com>, x86@...nel.org,
Ingo Molnar <mingo@...hat.com>
Subject: Re: [PATCH 08/11] Creation of "pagefault_handler_x86" LSM hook
On Mon, 12 Jun 2017, Salvatore Mesoraca wrote:
> Creation of a new hook to let LSM modules handle user-space pagefaults on
> x86.
> It can be used to avoid segfaulting the originating process.
> If it's the case it can modify process registers before returning.
That explains, what you could do with it, but it completely lacks any
rationale WHY this is desired and good behaviour and how that is a security
feature.
Thanks,
tglx
Powered by blists - more mailing lists