Date: Mon, 20 Jul 2009 20:48:48 -0700
From: Arjan van de Ven <arjan@infradead.org>
To: Eric Paris <eparis@redhat.com>
Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org,
       selinux@tycho.nsa.gov, sds@tycho.nsa.gov, jmorris@namei.org,
       spender@grsecurity.net, dwalsh@redhat.com, cl@linux-foundation.org,
       alan@lxorguk.ukuu.org.uk
Subject: Re: mmap_min_addr and your local LSM (ok, just SELinux)
Message-ID: <20090720204848.5f37c92a@infradead.org>
In-Reply-To: <1248132223.2654.278.camel@localhost>
References: <1248132223.2654.278.camel@localhost>
Organization: Intel
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 892
Lines: 22

On Mon, 20 Jul 2009 19:23:43 -0400
Eric Paris <eparis@redhat.com> wrote:
> 
> Does anyone see a better way to let users continue to be users while
> protecting most people?  Yes SELinux is stronger in some areas than
> without confining the ability to map the 0 page, but as has be rightly
> pointed out it's foolish an broken that SELinux can weaken any
> protections.

one option is to allow the page to be mapped, but only as
non-executable... in DOS that memory isn't where code lives anyway...


-- 
Arjan van de Ven 	Intel Open Source Technology Centre
For development, discussion and tips for power savings, 
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/