Re: [RFC][PATCH] Pass requested protection to security_file_mmap/mprotect hooks

From: Stephen Smalley (sds@private)
Date: Wed Feb 23 2005 - 05:02:05 PST

Previous message: Chris Wright: "Re: [RFC][PATCH] Pass requested protection to security_file_mmap/mprotect hooks"
In reply to: Chris Wright: "Re: [RFC][PATCH] Pass requested protection to security_file_mmap/mprotect hooks"
Next in thread: James Morris: "Re: [RFC][PATCH] Pass requested protection to security_file_mmap/mprotect hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Tue, 2005-02-22 at 13:01 -0800, Chris Wright wrote:
> By heuristics did you mean taking current->personality into account and
> trying to guess what the caller asked for?

Yes.  Even if current->personality has READ_IMPLIES_EXEC set, some of
the application (and ld.so) requests will explicitly include PROT_EXEC,
and we don't really want to suppress checking of those execute requests
as well.

-- 
Stephen Smalley <sds@private>
National Security Agency

Previous message: Chris Wright: "Re: [RFC][PATCH] Pass requested protection to security_file_mmap/mprotect hooks"
In reply to: Chris Wright: "Re: [RFC][PATCH] Pass requested protection to security_file_mmap/mprotect hooks"
Next in thread: James Morris: "Re: [RFC][PATCH] Pass requested protection to security_file_mmap/mprotect hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Wed Feb 23 2005 - 07:51:21 PST