* Valdis.Kletnieksat_private (Valdis.Kletnieksat_private) wrote:

> Lots of .so's. Those pages get protected *when*?

Yes, sorry, I was only speaking of the actual binary.

> Does deny_write_access do checks for the block numbers of writes to /dev/hda7
> or wherever your /usr/local happens to live?

No, this is a simple ETXTBSY on the inode (for normal open), and for inode backed mappings with VM_DENYWRITE flags in the vma (e.g. open_exec()).

> Does deny_write_access have the desired effect if somebody finds a way to scribble
> on /dev/mem or /dev/swap?

/dev/mem, certainly not. The only saving grace there is that a /dev/mem capable writer completely owns the machine (i.e. CAP_SYS_RAWIO means you can dynamically patch the kernel itself), so let's hope it's well protected ;-)

/dev/swap is not an issue for text, as under pressure it will be dropped back to its backing store, not written to swap.

> Remember - I don't necessarily need to open /bin/login for writing in order to modify
> a page that /bin/login ends up executing as code.....

These are all good points, I was too narrowly focused on normal file open(2)/write(2)/execve(2) activity.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
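The distinction Chris draws above (deny_write_access() on the inode of an execve()'d binary versus an ordinary inode-backed mapping that carries no VM_DENYWRITE) can be observed from user space. The following is an added illustration, not code from the thread or from the LSM project; it is Linux-only, relies on /proc/self/exe naming the running binary, and the scratch file under /tmp is a constructed input.

```c
/* Shows which inodes deny_write_access() protects: the execve()'d binary
 * (open for write fails with ETXTBSY) versus a file we merely mmap(),
 * which takes no VM_DENYWRITE and can still be opened for writing. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Open the currently running executable for writing.
 * Returns 0 if the open succeeded (it should not), else errno. */
int open_running_exe_for_write(void)
{
    int fd = open("/proc/self/exe", O_WRONLY);
    if (fd < 0)
        return errno;            /* expected: ETXTBSY ("Text file busy") */
    close(fd);
    return 0;
}

/* Create a scratch file (constructed input), map it the way a loader maps a
 * library, then open the same inode for writing. A plain mmap() does not call
 * deny_write_access(), so the open succeeds. Returns 0 on success, else errno. */
int open_mapped_file_for_write(void)
{
    char path[] = "/tmp/denywrite-demo-XXXXXX";   /* assumed writable /tmp */
    const char payload[] = "constructed sample data\n";
    int fd = mkstemp(path);
    if (fd < 0)
        return errno;
    if (write(fd, payload, sizeof payload) != (ssize_t)sizeof payload) {
        int e = errno; close(fd); unlink(path); return e ? e : EIO;
    }
    void *map = mmap(NULL, sizeof payload, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);
    if (map == MAP_FAILED) { int e = errno; unlink(path); return e; }
    int wfd = open(path, O_WRONLY);          /* no VM_DENYWRITE: succeeds */
    int result = wfd < 0 ? errno : 0;
    if (wfd >= 0) close(wfd);
    munmap(map, sizeof payload);
    unlink(path);
    return result;
}

int main(void)
{
    int e = open_running_exe_for_write();
    printf("open(/proc/self/exe, O_WRONLY): %s\n", e ? strerror(e) : "succeeded");
    e = open_mapped_file_for_write();
    printf("open(mmap'd scratch file, O_WRONLY): %s\n", e ? strerror(e) : "succeeded");
    return 0;
}
```

Note that this check is keyed to the inode only: it says nothing about writes that bypass the file system entirely (/dev/mem, raw block device access), which is exactly the gap the quoted questions point at.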
This archive was generated by hypermail 2b30 : Fri Jul 25 2003 - 13:01:26 PDT