Re: 2.6.6-mm1
From: Stephen Smalley
Date: Tue May 11 2004 - 09:40:17 EST
On Mon, 2004-05-10 at 17:37, Christoph Hellwig wrote:
> > +hugetlb_shm_group-sysctl-patch.patch
> >
> > Add /proc/sys/vm/hugetlb_shm_group: this holds the group ID of users who may
> > allocate hugetlb shm segments without CAP_IPC_LOCK. For Oracle.
> >
> > +mlock_group-sysctl.patch
> >
> > /proc/sys/vm/mlock_group: group ID of users who can do mlock() without
> > CAP_IPC_LOCK. Not sure that we need this.
>
> These two just introduced a subtile behaviour change during stable series,
> possibly (not likely) leading to DoS opportunities from applications running
> as gid 0. Really, with capabilities first and now selinux we have moved
> away from treating uid 0 special, so introducing special casing of a gid
> now is more than just braindead.
Is there anything that would prevent these two patches from being
re-implemented as a LSM module, replacing the can_do_mlock and
can_do_hugetlb_shm functions with security hook calls? They seem like
perfect candidates for security hook calls and keeping security logic
out of the core kernel. Chris, what do you think?
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/