Re: mprotect abuse in slim

From: Mimi Zohar
Date: Mon Jan 08 2007 - 17:38:42 EST

Next message: Valdis . Kletnieks: "Re: [PATCH] include/linux/slab.h: new KFREE() macro."
Previous message: Adrian Bunk: "Re: [PATCH 4/4] x86_64 ioapic: Improve the heuristics for when check_timer fails."
In reply to: Christoph Hellwig: "mprotect abuse in slim"
Next in thread: Arjan van de Ven: "Re: mprotect abuse in slim"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

SLIM implements dynamic process labels, so when a process
is demoted, we must be able to revoke write access to some
resources to which it has previously valid handles.
For example, if a shell reads an untrusted file, the
shell is demoted, and write access to more trusted files
revoked. Based on previous comments on lkml, we understand
that this is not really possible in general, so SLIM only
attempts to revoke access in certain simple cases.

Starting with the fdtable, would it help if we move the
fdtable tweaking out of slim itself and into helpers? Or
can you recommend another way to implement this functionality.

Mimi Zohar

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Valdis . Kletnieks: "Re: [PATCH] include/linux/slab.h: new KFREE() macro."
Previous message: Adrian Bunk: "Re: [PATCH 4/4] x86_64 ioapic: Improve the heuristics for when check_timer fails."
In reply to: Christoph Hellwig: "mprotect abuse in slim"
Next in thread: Arjan van de Ven: "Re: mprotect abuse in slim"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]