Re: [PATCH] Protection for exploiting null dereference using mmap

On Wednesday 06 June 2007 06:34, Eric Paris <[email protected]> wrote:
> This patch uses a new SELinux security class "memprotect."  Policy
> already contains a number of allow rules like  a_t self:process *
> (unconfined_t being one of them) which mean that putting this check in
> the process class (its best current fit) would make it useless as all

I think it would be best to use the process class and change the "*" rules to 
~{ memprotect }.

-- 
[email protected]
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [PATCH] Protection for exploiting null dereference using mmap
    • From: Stephen Smalley <[email protected]>

• References:
  • [PATCH] Protection for exploiting null dereference using mmap
    • From: Eric Paris <[email protected]>

• Prev by Date: [REPOST PATCH] sata_promise: use TF interface for polling NODATA commands
• Next by Date: Re: [Xen-devel] [patch 14/33] xen: xen time implementation
• Previous by thread: Re: [PATCH] Protection for exploiting null dereference using mmap
• Next by thread: Re: [PATCH] Protection for exploiting null dereference using mmap
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]