Re: [patch 2/2] selinux: add executable heap check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2005-06-22 at 03:51 +0200, Lorenzo Hernández García-Hierro
wrote:
> This patch,based on sample code by Roland McGrath, adds an execheap
> permission check that controls the ability to make the heap executable
> so that this can be prevented in almost all cases (the X server is
> presently an exception, but this will hopefully be resolved in the future)
> so that even programs with execmem permission will need to have the anonymous
> memory mapped in order to make it executable. 
> The only reason that we use a permission check for such restriction
> (vs. making it unconditional) is that the X module loader presently
> needs it; it could possibly be made unconditional in the future when
> X is changed.

> Signed-off-by: Lorenzo Hernandez Garcia-Hierro <[email protected]>
> ---
> 
>  security/selinux/hooks.c                     |   11 +++++++++++
>  security/selinux/include/av_perm_to_string.h |    1 +
>  security/selinux/include/av_permissions.h    |    1 +
>  3 files changed, 13 insertions(+)

Acked-by:  Stephen Smalley <[email protected]>

-- 
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux