Message-Id: <200701091927.l09JRJXM021563@turing-police.cc.vt.edu>
To: Mimi Zohar <zohar@us.ibm.com>
Cc: Christoph Hellwig <hch@infradead.org>, akpm@osdl.org,
       kjhall@linux.vnet.ibm.com, linux-kernel@vger.kernel.org,
       safford@watson.ibm.com
Subject: Re: mprotect abuse in slim
In-Reply-To: Your message of "Mon, 08 Jan 2007 17:38:25 EST."
             <OFE2C5A2DE.3ADDD896-ON8525725D.007C0671-8525725D.007D2BA9@us.ibm.com>
From: Valdis.Kletnieks@vt.edu
References: <OFE2C5A2DE.3ADDD896-ON8525725D.007C0671-8525725D.007D2BA9@us.ibm.com>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1168370839_17810P";
	 micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Tue, 09 Jan 2007 14:27:19 -0500
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1099
Lines: 33

--==_Exmh_1168370839_17810P
Content-Type: text/plain; charset=us-ascii

On Mon, 08 Jan 2007 17:38:25 EST, Mimi Zohar said:

> revoked. Based on previous comments on lkml, we understand
> that this is not really possible in general, so SLIM only
> attempts to revoke access in certain simple cases.

Which, unfortunately, creates incredibly brittle code when some attacker
reads the SLIM source code and finds a way to force the non-simple case
you ignore.

This is an area where you really need to do it *right*, or not at all.

--==_Exmh_1168370839_17810P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001

iD8DBQFFo+yXcC3lWbTT17ARAhA0AJ4uJL60Ecda2iyVSBGBKP7qFblerQCgqb4E
vk14vrHqBPH/rhx1CsR3L6g=
=tvSG
-----END PGP SIGNATURE-----

--==_Exmh_1168370839_17810P--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/