On Thu, 2005-03-31 at 11:17 -0500, John Richard Moser wrote:
> That *blocks* illegal states; but it's been proven in PaX that sometimes
> the program(mer) didn't exactly think, and just 'OH PROT_* WILL ALWAYS
> WERK :D :D :D' and commonly we know better. Why break 80% of the world
> when you can break 0.001% of the world and still gain a higher level of
> security?
>
> For example, I think all libraries are typically mapped RwX. . . wanna
> break ld.so?

I really don't follow what you are saying. Are you saying that the
SELinux controls on mmap/mprotect to prevent bad states are breaking 80%
of the world? Not AFAICS.

> Reiser + SeLinux == infinite loop == freeze; Method said it had
> something to do with xattrs being created as files, which SeLinux
> suddenly wants to label, which creates more files for xattrs, which
> SeLinux suddenly wants to label. . . . . . . . . *RESET*

That's been fixed upstream. As of 2.6.12-rc1 or later.

--
Stephen Smalley <sds@private>
National Security Agency