Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1761098AbXFGQ6t (ORCPT ); Thu, 7 Jun 2007 12:58:49 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1758148AbXFGQ6k (ORCPT ); Thu, 7 Jun 2007 12:58:40 -0400 Received: from sovereign.computergmbh.de ([85.214.69.204]:2142 "EHLO sovereign.computergmbh.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751749AbXFGQ6j (ORCPT ); Thu, 7 Jun 2007 12:58:39 -0400 Date: Thu, 7 Jun 2007 18:58:38 +0200 (CEST) From: Jan Engelhardt To: Stephen Smalley cc: Eric Paris , Alan Cox , James Morris , linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov, drepper@redhat.com, roland@redhat.com, arjan@infradead.org, mingo@elte.hu, viro@zeniv.linux.org.uk, chrisw@redhat.com, sgrubb@redhat.com Subject: Re: [PATCH] Protection for exploiting null dereference using mmap In-Reply-To: <1181134068.3699.31.camel@moss-spartans.epoch.ncsc.mil> Message-ID: References: <1180561713.3633.27.camel@dhcp231-215.rdu.redhat.com> <20070603205653.GE25869@devserv.devel.redhat.com> <1180964306.14220.34.camel@moss-spartans.epoch.ncsc.mil> <1181075666.3978.31.camel@localhost.localdomain> <20070605211616.GE23291@devserv.devel.redhat.com> <1181078927.3978.42.camel@localhost.localdomain> <1181134068.3699.31.camel@moss-spartans.epoch.ncsc.mil> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 570 Lines: 19 On Jun 6 2007 08:47, Stephen Smalley wrote: > >I'd be ok with having a different default for SELinux vs. non-SELinux, >i.e. no restrictions by default under dummy/capability, but restrict it >by default to 64k if selinux is enabled. Then we can use policy to >grant it as needed to the specific programs. 640k? Jan -- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/