Re: mmap_min_addr and your local LSM (ok, just SELinux)

From: Arnd Bergmann
Date: Tue Jul 21 2009 - 07:33:02 EST

Next message: Ferenc Wagner: "NOHZ: local_softirq_pending 80"
Previous message: Andi Kleen: "Re: [RFC][PATCH 0/3] kcore: clean up and update ram information properly"
In reply to: Kyle McMartin: "Re: mmap_min_addr and your local LSM (ok, just SELinux)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday 21 July 2009, Kyle McMartin wrote:
>
> Why do we not add a personality flag for this? With that, at least you
> could require a harmless setuid wrapper for wine that just set the
> personality bits and dropped root.

I thought the MMAP_PAGE_ZERO personality bit was exactly what Brad
was using in his demonstration. We don't need to define a new bit,
just use the one that's there ;-).

Then again, setting personality flags does not require root permissions
normally, so it's not an extremely strong protection, unless you also
start requiring CAP_SYS_RAWIO for setting MMAP_PAGE_ZERO.

Arnd <><
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ferenc Wagner: "NOHZ: local_softirq_pending 80"
Previous message: Andi Kleen: "Re: [RFC][PATCH 0/3] kcore: clean up and update ram information properly"
In reply to: Kyle McMartin: "Re: mmap_min_addr and your local LSM (ok, just SELinux)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]