On Wed, 2005-06-22 at 03:51 +0200, Lorenzo Hernández García-Hierro
wrote:
> This patch,based on sample code by Roland McGrath, adds an execheap
> permission check that controls the ability to make the heap executable
> so that this can be prevented in almost all cases (the X server is
> presently an exception, but this will hopefully be resolved in the future)
> so that even programs with execmem permission will need to have the anonymous
> memory mapped in order to make it executable.
> The only reason that we use a permission check for such restriction
> (vs. making it unconditional) is that the X module loader presently
> needs it; it could possibly be made unconditional in the future when
> X is changed.
> Signed-off-by: Lorenzo Hernandez Garcia-Hierro <[email protected]>
> ---
>
> security/selinux/hooks.c | 11 +++++++++++
> security/selinux/include/av_perm_to_string.h | 1 +
> security/selinux/include/av_permissions.h | 1 +
> 3 files changed, 13 insertions(+)
Acked-by: Stephen Smalley <[email protected]>
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]