On Tue, 2005-02-22 at 15:47 -0800, Chris Wright wrote: > Only other way I can see is to effectively tweak policy based on > tsk->personality. While it seems ugly, it's an accurate reflection > of both policy and reality (with some confusion of audit messages when > building policy). But your patch is probably the most straight-forward > way to do it. Yes, the patch lets us distinguish between application-requested execute protection and the implied execute protection by read-implies-exec logic, which I think is useful, e.g. we'll still apply execute-related checking when ld.so explicitly requests an executable mapping. It also avoids having to explicitly check current->personality and file- >f_vfsmnt->mnt_flags again for READ_IMPLIES_EXEC and MNT_NOEXEC respectively in the security module. > Do you want to sample prot after it's been cleared of GROWSUP/DOWN bits > just to keep reqport as clean as possible? Good idea. > unnecessary initialization Ok, thanks. > Looks an unnecessary duplicate Yes, good catch. Ok, I'll rework accordingly and plan to submit post 2.6.11. -- Stephen Smalley <sds@private> National Security Agency
This archive was generated by hypermail 2.1.3 : Wed Feb 23 2005 - 07:51:53 PST