On Wed, 2005-06-22 at 03:51 +0200, Lorenzo Hernández García-Hierro
wrote:
> This patch adds an execstack permission check that controls the
> ability to make the main process stack executable so that attempts to
> make the stack executable can still be prevented even if the process is
> allowed the existing execmem permission in order to e.g. perform runtime
> code generation. Note that this does not yet address thread stacks.
> Note also that unlike the execmem check, the execstack check is only
> applied on mprotect calls, not mmap calls, as the current
> security_file_mmap hook is not passed the necessary information
> presently.
> Signed-off-by: Lorenzo Hernandez Garcia-Hierro <[email protected]>
> ---
>
> security/selinux/hooks.c | 10 ++++++++++
> security/selinux/include/av_perm_to_string.h | 1 +
> security/selinux/include/av_permissions.h | 1 +
> 3 files changed, 12 insertions(+)
Acked-by: Stephen Smalley <[email protected]>
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
