Re: [PATCH] permission hook in filemap_nopage

From: Chris Wright (chrisat_private)
Date: Mon Feb 04 2002 - 16:43:11 PST


    * Antony Edwards (aedwardat_private) wrote:
    > 
    > Hi,
    > 
    > At the moment there is no permission check in filemap_nopage (reading in a
    > page from an mmapped file). This makes the permission check in sys_read /
    > sys_write a little pointless as the user can always avoid this check by
    > mmapping the file.
    
    the open(2), mmap(2) code path is protected.  so reading from a mapped
    file is protected, albeit revocation _is_ challenging.  have you
    benchmarked such a change?  this happens on a per page scale.
    discussions on this topic in the past have stopped short of
    implementation with the assumption that the cost to benefit is not worth
    it.  i am interested in hearing your experience, however.
    
    thanks,
    -chris
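
The behaviour under discussion, as an added userspace example that is not part of the original message: access is decided on the open(2)/mmap(2) path, so a page first faulted in after the file's mode is cleared is still readable through the existing mapping. The function name and scratch file path are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if a page first touched AFTER the file's mode was cleared is
 * still readable through the old mapping, 0 if not, -1 on setup failure.
 * *reopen_denied reports whether a fresh open(2) was refused. */
int mapping_survives_revocation(int *reopen_denied)
{
    char path[] = "/tmp/mmap_revoke_XXXXXX";  /* constructed scratch file */
    long pg = sysconf(_SC_PAGESIZE);
    int ok = -1, fd = mkstemp(path);
    if (fd < 0)
        return -1;
    /* Two pages, marker in the second, so the read below needs its own fault. */
    if (ftruncate(fd, 2 * pg) == 0 && pwrite(fd, "secret", 6, pg) == 6) {
        /* Access is decided here, on the open(2)/mmap(2) path. */
        char *map = mmap(NULL, 2 * pg, PROT_READ, MAP_SHARED, fd, 0);
        if (map != MAP_FAILED && chmod(path, 0) == 0) {   /* "revoke" */
            int fd2 = open(path, O_RDONLY);  /* new access is re-checked */
            *reopen_denied = (fd2 < 0);      /* root bypasses DAC, so 0 there */
            if (fd2 >= 0)
                close(fd2);
            /* First touch of page 2: no permission re-check at fault time. */
            ok = (memcmp(map + pg, "secret", 6) == 0);
        }
        if (map != MAP_FAILED)
            munmap(map, 2 * pg);
    }
    close(fd);
    unlink(path);
    return ok;
}

int main(void)
{
    int denied = 0;
    int ok = mapping_survives_revocation(&denied);
    printf("fresh open after chmod 0: %s\n", denied ? "denied" : "allowed");
    printf("existing mapping readable: %s\n", ok == 1 ? "yes" : "no");
    return ok == 1 ? 0 : 1;
}
```

Run as an unprivileged user, the fresh open is denied while the mapping stays readable, which is the revocation gap a per-page hook would close at a per-fault cost.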
    


