lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Dec 2017 20:36:15 +0100 From: Tomáš Trnka <trnka@....com> To: Kees Cook <keescook@...omium.org> Cc: LKML <linux-kernel@...r.kernel.org>, Stephen Smalley <sds@...ho.nsa.gov>, Paul Moore <pmoore@...hat.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Laura Abbott <labbott@...hat.com> Subject: Re: System-wide hard RLIMIT_STACK in 4.14.4+ w/ SELinux On Tuesday, 12 December 2017 20:23:47 CET Kees Cook wrote: > This is an interesting state for the system to be in, though, it means > AT_SECURE is being set for virtually all processes too? I would expect > that might break a lot too (but clearly it hasn't). Not really. AT_SECURE is set only for the exec that triggers a domain transition, but unlike the rlimits it's not inherited by descendants (as long as they stay within the same SELinux domain). 2T
Powered by blists - more mailing lists