Re: [PATCH 2/3] SELinux: add security_task_movememory calls to mm code

* Serge E. Hallyn ([email protected]) wrote:
> sorry if I'm being dense - what is actually being protected against
> here?  The only thing I can think of is one process causing performance
> degradation to another by moving it's memory further from it's cpu on a
> NUMA machine.

There's been a short series of patches (plus a short doc from James) to
deal with code that's already doing uid/euid capable() checks w/out a
corresponding LSM hook.  IOW, it's already been recognized as security
sensitive and has DAC check w/out corresponding MAC check.  It's a small
issue with relatively minor security impacts, but is completing
mediation.

thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- [PATCH 1/3] SELinux: Add security hook definitions for setmempolicy
  - From: James Morris <[email protected]>
- [PATCH 0/3] SELinux: movememory & sockcreate updates for -mm
  - From: James Morris <[email protected]>
- [PATCH 2/3] SELinux: add security_task_movememory calls to mm code
  - From: James Morris <[email protected]>
- Re: [PATCH 2/3] SELinux: add security_task_movememory calls to mm code
  - From: "Serge E. Hallyn" <[email protected]>

Prev by Date: Re: [RFC 2/4] Remove empty destructor from drivers/usb/mon/mon_text.c
Next by Date: Re: [RFC 3/4] Add checks to current destructor uses
Previous by thread: Re: [PATCH 2/3] SELinux: add security_task_movememory calls to mm code
Next by thread: Re: [PATCH 2/3] SELinux: add security_task_movememory calls to mm code
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]