Re: Hooks and stacking

From: John Richard Moser (nigelenki@private)
Date: Thu Mar 31 2005 - 08:17:46 PST


Stephen Smalley wrote:
> On Wed, 2005-03-30 at 20:52 -0500, John Richard Moser wrote:
> 
>>3.  I want control over the memory protections on the stack and heap.
>>PT_GNU_STACK allows for an executable stack/heap.  Is there a way for me
>>to control this so that I can i.e. mandatorily make the stack/heap
>>PROT_READ|PROT_WRITE and never PROT_EXEC?  The only way I can see is to
>>add a hook in load_elf_binary(). . . .
>>
>>
>>In case anyone is wondering, as an exercise (but potentially as
>>something I may aim at mainline), I'm trying to port some of the stuff
>>from PaX into an LSM; particularly, the memory protection enhancements.
>> As a proof of concept, I'm considering supporting PT_PAX_FLAGS from the
>>module; but I'm also considering a security label.  My concern with a
>>security label is conflicting with SeLinux and having issues with ReiserFS.
> 
> 
> Have you looked at the execmem and execmod controls added to SELinux in
> kernels >= 2.6.11?  Look at the selinux_file_mmap and
> selinux_file_mprotect hook functions and their shared helper function
> file_map_prot_check.
> 

That *blocks* illegal states; but it's been proven in PaX that sometimes
the program(mer) didn't exactly think, and just 'OH PROT_* WILL ALWAYS
WERK :D :D :D' and commonly we know better.  Why break 80% of the world
when you can break 0.001% of the world and still gain a higher level of
security?

For example, I think all libraries are typically mapped RwX. . . wanna
break ld.so?

> As far as security labeling goes, you can easily start using your own
> attribute name in the security namespace (e.g. security.pax) without any
> conflict with SELinux, and reiserfs was recently fixed upstream to
> interact well with security modules in dealing with security attributes.
> 

Reiser + SeLinux == infinite loop == freeze; Method said it had
something to do with xattrs being created as files, which SeLinux
suddenly wants to label, which creates more files for xattrs, which
SeLinux suddenly wants to label. . . . . . . . . *RESET*

--
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

    Creative brains are a valuable, limited resource. They shouldn't be
    wasted on re-inventing the wheel when there are so many fascinating
    new problems waiting out there.
                                                 -- Eric Steven Raymond
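The question in the thread is whether PT_GNU_STACK (and a module-supplied PT_PAX_FLAGS) should be honoured or overridden at load time. Before deciding that policy, a defender wants to know what a given binary actually asks for. The following is an added example written for this page, not code from the thread, from PaX or from SELinux: a small parser for the ELF program header table that reports the stack permissions the linker recorded in PT_GNU_STACK and whether a PT_PAX_FLAGS header is present. It handles ELF32 and ELF64 in either byte order, and the `build_elf` helper fabricates minimal, non-loadable images so the checks can run offline. The constants are the standard ELF values; the image contents and the check functions are this example's own.

```python
"""Report the stack permissions an ELF binary requests via PT_GNU_STACK and
whether it carries a PT_PAX_FLAGS header.  Added example, not from the thread."""
import struct
import sys

PT_GNU_STACK = 0x6474E551  # GNU: p_flags holds the permissions wanted for the stack
PT_PAX_FLAGS = 0x65041580  # PaX: per-binary override flags (only presence is checked here)
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4


def program_headers(data):
    """Yield (p_type, p_flags) for every program header in an ELF32/ELF64 image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    end = {1: "<", 2: ">"}[ei_data]            # ELFDATA2LSB / ELFDATA2MSB
    if ei_class == 2:                           # ELFCLASS64
        (phoff,) = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        fmt = end + "IIQQQQQQ"                  # p_type, p_flags, then six 8-byte fields
        idx_type, idx_flags = 0, 1
    elif ei_class == 1:                         # ELFCLASS32
        (phoff,) = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        fmt = end + "IIIIIIII"                  # in ELF32, p_flags is the seventh field
        idx_type, idx_flags = 0, 6
    else:
        raise ValueError("bad EI_CLASS")
    if phentsize < struct.calcsize(fmt):
        raise ValueError("program header entry too small")
    for i in range(phnum):
        fields = struct.unpack_from(fmt, data, phoff + i * phentsize)
        yield fields[idx_type], fields[idx_flags]


def stack_flags(data):
    """p_flags of PT_GNU_STACK, or None when the header is absent (the kernel
    loader then falls back to an architecture default rather than a request)."""
    for p_type, p_flags in program_headers(data):
        if p_type == PT_GNU_STACK:
            return p_flags
    return None


def requests_exec_stack(data):
    """True: binary explicitly asks for PROT_EXEC on the stack.
    False: it explicitly asks for a non-executable stack.
    None: it says nothing, so policy (or the arch default) decides."""
    flags = stack_flags(data)
    return None if flags is None else bool(flags & PF_X)


def has_pax_flags(data):
    """True if a PT_PAX_FLAGS program header is present."""
    return any(p_type == PT_PAX_FLAGS for p_type, _ in program_headers(data))


def build_elf(phdrs, elf64=True, big_endian=False):
    """Build a minimal, non-loadable ELF image consisting only of the given
    (p_type, p_flags) program headers.  Constructed test input, not a real binary."""
    end = ">" if big_endian else "<"
    ident = b"\x7fELF" + bytes([2 if elf64 else 1, 2 if big_endian else 1, 1]) + b"\0" * 9
    if elf64:
        ehsize, phentsize = 64, 56
        hdr = ident + struct.pack(end + "HHIQQQIHHHHHH", 2, 62, 1, 0, ehsize, 0, 0,
                                  ehsize, phentsize, len(phdrs), 64, 0, 0)
        body = b"".join(struct.pack(end + "IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    else:
        ehsize, phentsize = 52, 32
        hdr = ident + struct.pack(end + "HHIIIIIHHHHHH", 2, 3, 1, 0, ehsize, 0, 0,
                                  ehsize, phentsize, len(phdrs), 40, 0, 0)
        body = b"".join(struct.pack(end + "IIIIIIII", t, 0, 0, 0, 0, 0, f, 0) for t, f in phdrs)
    return hdr + body


if __name__ == "__main__":
    # Usage: python elf_stack.py /path/to/binary
    with open(sys.argv[1], "rb") as fh:
        image = fh.read()
    print("PT_GNU_STACK requests executable stack:", requests_exec_stack(image))
    print("PT_PAX_FLAGS present:", has_pax_flags(image))
```

A result of `None` is the case the thread is really about: with no PT_GNU_STACK header the loader does not receive a request at all, so a policy that only blocks what the binary asks for has nothing to act on, which is why PaX-style enforcement sets the protection itself rather than trusting the header.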



This archive was generated by hypermail 2.1.3 : Thu Mar 31 2005 - 08:18:32 PST