From: Davide Libenzi
To: Nicholas Miell
Cc: Hugh Dickins, Ulrich Drepper, blaisorblade@yahoo.it, Linux Kernel Mailing List
Subject: Re: [patch 2/3] MAP_NOZERO - implement sys_brk2()
Date: Wed, 27 Jun 2007 19:58:09 -0700 (PDT)
References: <1182982309.2737.9.camel@entropy>

On Wed, 27 Jun 2007, Davide Libenzi wrote:

> On Wed, 27 Jun 2007, Nicholas Miell wrote:
>
> > 1) euid is not sufficient, you need to store away arbitrary LSM
> > information and call LSM hooks to decide security equivalence. The same
> > applies to VServer or whatever other container system you use.
>
> The EUID that is used now can easily be any cookie. It can be an LSM
> cookie (if LSM is active in the system). We don't do complex checks, like
> group permission & Co. We assume that if a UID-cookie had such data
> available (or it generated it), it can have it back uncleared.

(looking through the LSM/SELinux jungle)
Also, LSM/SELinux could completely disable the feature on request. Just
assign a known-to-be-invalid UID to mm->owner_uid (passing through
an(other) hook), and pages will never be recycled.
- Davide -
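The owner-cookie rule the message describes, as an added user-space model that is not code from the thread or from the MAP_NOZERO patch series: a freed page remembers the cookie of its last owner and is handed back uncleared only to a requester with the same cookie; any other requester gets the page zeroed, and a requester whose cookie is the reserved "invalid" value never receives a recycled page. The pool, the page size, the field names and INVALID_OWNER are all assumptions of this example, not kernel identifiers.

```c
/* Added example: toy model of owner-cookie page recycling (not kernel code). */
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#include <stdbool.h>

#define PAGE_SIZE 64                     /* toy page, not the real 4096 */
#define NPAGES 8
#define INVALID_OWNER ((uint32_t)-1)     /* hypothetical known-to-be-invalid cookie */

struct page {
    uint32_t owner;                      /* cookie of the last owner */
    bool free;
    unsigned char data[PAGE_SIZE];
};

static struct page pool[NPAGES];
static unsigned long zeroed_count;       /* allocations that had to be cleared */

/* Reset the pool: every page free, never owned, contents zero. */
void pool_init(void)
{
    memset(pool, 0, sizeof(pool));
    for (int i = 0; i < NPAGES; i++) {
        pool[i].owner = INVALID_OWNER;
        pool[i].free = true;
    }
    zeroed_count = 0;
}

/* Allocate a page for an mm whose cookie is `owner`. `nozero` mirrors a
 * MAP_NOZERO-style request: the caller is willing to take an uncleared page. */
struct page *page_alloc(uint32_t owner, bool nozero)
{
    for (int i = 0; i < NPAGES; i++) {
        struct page *p = &pool[i];
        if (!p->free)
            continue;
        p->free = false;
        /* Recycle uncleared only when the cookie matches and is valid; an
         * INVALID_OWNER requester (LSM opted out) always gets a cleared page. */
        bool recycle = nozero && owner != INVALID_OWNER && p->owner == owner;
        if (!recycle) {
            memset(p->data, 0, PAGE_SIZE);
            zeroed_count++;
        }
        p->owner = owner;
        return p;
    }
    return NULL;
}

/* Free a page; owner cookie and contents are deliberately kept. */
void page_free(struct page *p)
{
    p->free = true;
}

/* Returns 1 if data written by `producer` is visible to `consumer` after a
 * free/alloc cycle with a nozero request, 0 if the page was cleared first. */
int leak_check(uint32_t producer, uint32_t consumer)
{
    pool_init();
    struct page *p = page_alloc(producer, false);
    memcpy(p->data, "secret", 7);        /* constructed sample content */
    page_free(p);
    struct page *q = page_alloc(consumer, true);
    return memcmp(q->data, "secret", 7) == 0;
}

/* Number of allocations that required clearing in the last leak_check run. */
unsigned long last_zeroed_count(void)
{
    return zeroed_count;
}

int main(void)
{
    printf("same owner, uncleared:        %d\n", leak_check(1000, 1000));
    printf("different owner, cleared:     %d\n", leak_check(1000, 1001));
    printf("invalid-owner requester:      %d\n", leak_check(1000, INVALID_OWNER));
    printf("invalid-owner producer:       %d\n", leak_check(INVALID_OWNER, INVALID_OWNER));
    return 0;
}
```

The check that matters for cross-domain leakage is the `owner != INVALID_OWNER && p->owner == owner` conjunction: a real implementation would substitute whatever equivalence the LSM hook returns, but the structure stays the same.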