On Mon, 1 Apr 2002 23:46, Seth Arnold wrote:
> > I'm thinking about things like the Non-executable stack,
> > temp directory limitations, etc.
>
> I seem to recall that to implement non-exec stack in LSM would require
> page-level access granularity, which was rejected as probably too
> expensive (slow) for general use. However, I seem to recall that a chap

Why do we need it to be any different in LSM than in any of the other implementations? All the other implementations of non-exec-stack have it for the entire system, and compiled into the kernel (with maybe a sysctl to turn it off for the entire system). Why not just merge such a patch in with the LSM patch?

Sure it would be nice as a feature to have it integrated with SE Linux or one of the other schemes to make it apply to some processes but not others, but I don't really see the point. I haven't seen a correctly functioning process that wants to execute the stack in a situation where the NES patch doesn't permit it.

--
If you send email to me or to a mailing list that I use which has >4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 01 2002 - 14:37:21 PST