Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755135AbZFCT2U (ORCPT ); Wed, 3 Jun 2009 15:28:20 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753327AbZFCT2N (ORCPT ); Wed, 3 Jun 2009 15:28:13 -0400 Received: from smtp1.linux-foundation.org ([140.211.169.13]:56469 "EHLO smtp1.linux-foundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752527AbZFCT2M (ORCPT ); Wed, 3 Jun 2009 15:28:12 -0400 Date: Wed, 3 Jun 2009 12:27:32 -0700 (PDT) From: Linus Torvalds X-X-Sender: torvalds@localhost.localdomain To: Christoph Lameter cc: "Larry H." , Alan Cox , linux-mm@kvack.org, Rik van Riel , linux-kernel@vger.kernel.org, pageexec@freemail.hu Subject: Re: Security fix for remapping of page 0 (was [PATCH] Change ZERO_SIZE_PTR to point at unmapped space) In-Reply-To: Message-ID: References: <20090530230022.GO6535@oblivion.subreption.com> <20090531022158.GA9033@oblivion.subreption.com> <20090602203405.GC6701@oblivion.subreption.com> <20090603182949.5328d411@lxorguk.ukuu.org.uk> <20090603180037.GB18561@oblivion.subreption.com> <20090603183939.GC18561@oblivion.subreption.com> User-Agent: Alpine 2.01 (LFD 1184 2008-12-16) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1144 Lines: 30 On Wed, 3 Jun 2009, Christoph Lameter wrote: > > We could just move the check for mmap_min_addr out from > CONFIG_SECURITY? No. The thing is, the security model wants to modify the rules on what's "secure" and what isn't. And your patch just hard-coded that capable(CAP_SYS_RAWIO) decision - but that's not what something like SElinux actually uses to decide whether it's ok or not. So if you do it in generic code, you'd have to make it much more complex. One option would be to change the rule for what "security_file_mmap()" means, and make the return value says "yes, no, override". Where "override" would be "allow it for this process even if it's below the minimum mmap limit. But the better option really is to just copy the cap_file_mmap() rule to the !SECURITY rule, and make !SECURITY really mean the same as "always do default security", the way it's documented. Linus -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/