Re: Stacking Openwall and SELinux?

From: Chris Wright (chrisat_private)
Date: Mon Apr 01 2002 - 18:57:02 PST

  • Next message: Chris Wright: "Re: Stacking Openwall and SELinux?"

    * David Wheeler (dwheelerat_private) wrote:
    > I believe that several functions in Openwall don't
    > require any additional information in the kernel data structures.
    > Would it be possible to split out those capabilities into
    > a "partial openwall" module that implements those features?
    > I'm thinking about things like the Non-executable stack,
    > temp directory limitations, etc.  That way, those functions could
    > be added to any system using insmod.
    
    The owlsm module is compile time configurable, and it is possible to
    compile it such that it doesn't use the security blob.  This isn't
    documented, however, disabling CONFIG_OWLSM_FD should do it for now.
    As others have mentioned, the non-executable stack is not likely to go
    in because the patch is not easily put in LSM terms.
    
    cheers,
    -chris
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Apr 01 2002 - 18:58:48 PST