Re: [PATCH] Protection for exploiting null dereference using mmap

On Wednesday 06 June 2007 06:34, Eric Paris <[email protected]> wrote:
> This patch uses a new SELinux security class "memprotect."  Policy
> already contains a number of allow rules like  a_t self:process *
> (unconfined_t being one of them) which mean that putting this check in
> the process class (its best current fit) would make it useless as all

I think it would be best to use the process class and change the "*" rules to 
~{ memprotect }.

-- 
[email protected]
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [PATCH] Protection for exploiting null dereference using mmap
  - From: Stephen Smalley <[email protected]>

References:
- [PATCH] Protection for exploiting null dereference using mmap
  - From: Eric Paris <[email protected]>

Prev by Date: [REPOST PATCH] sata_promise: use TF interface for polling NODATA commands
Next by Date: Re: [Xen-devel] [patch 14/33] xen: xen time implementation
Previous by thread: Re: [PATCH] Protection for exploiting null dereference using mmap
Next by thread: Re: [PATCH] Protection for exploiting null dereference using mmap
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]