lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <1669126.Pey9B8WxsI@electra> Date: Tue, 12 Dec 2017 16:44:52 +0100 From: Tomáš Trnka <trnka@....com> To: linux-kernel@...r.kernel.org Cc: Kees Cook <keescook@...omium.org> Subject: Re: System-wide hard RLIMIT_STACK in 4.14.4+ w/ SELinux > Of course this can be somewhat worked around by adjusting the SELinux policy > (allowing blanket noatsecure permission for init_t and possibly others) or > by pam_limits (for components using PAM). Correction: pam_limits also usually doesn't help here, as it's often followed by another secureexec (for example when login (local_login_t) executes the shell with transition to unconfined_t). 2T
Powered by blists - more mailing lists