Re: Hooks and stacking

From: Stephen Smalley (sds@private)
Date: Thu Mar 31 2005 - 08:18:32 PST

On Thu, 2005-03-31 at 11:17 -0500, John Richard Moser wrote:
> That *blocks* illegal states; but it's been proven in PaX that sometimes
> the program(mer) didn't exactly think, and just 'OH PROT_* WILL ALWAYS
> WERK :D :D :D' and commonly we know better.  Why break 80% of the world
> when you can break 0.001% of the world and still gain a higher level of
> security?
> For example, I think all libraries are typically mapped RwX. . . wanna
> break

I really don't follow what you are saying.  Are you saying that the
SELinux controls on mmap/mprotect to prevent bad states are breaking 80%
of the world?  Not AFAICS.

> Reiser + SeLinux == infinite loop == freeze; Method said it had
> something to do with xattrs being created as files, which SeLinux
> suddenly wants to label, which creates more files for xattrs, which
> SeLinux suddenly wants to label. . . . . . . . . *RESET*

That's been fixed upstream.  As of 2.6.12-rc1 or later.

Stephen Smalley <sds@private>
National Security Agency

This archive was generated by hypermail 2.1.3 : Thu Mar 31 2005 - 08:27:22 PST