On May 27, 2007, at 03:13:11, Tetsuo Handa wrote:
Kyle Moffett wrote:
Part of the reason that Fedora has a large quantity of that
restorecon and restorecond crap is that there is a certain amount
of broken binary software needing executable stack/heap (such as
flashplayer), programs without comprehensive or complete policies,
or programs which by definition need extra support for SELinux.
I want to know how the kernel can know that a request is coming from
instructions in stack/heap memory. Is this executable stack/heap
check performed every time by checking the stack trace? Or is this
check performed just once when some mmap()-related request
occurs? If the latter, the kernel can't know that a request is
coming from instructions in stack/heap memory, can it?
Many CPUs have memory-management units which distinguish between
memory that is "readable" and memory that is "executable". On such
CPUs, SELinux-based systems can ensure that writeable mappings in a
process may never be mapped or remapped with the executable bit set.
This means that the stack and heap pages initially mapped with
PROT_READ|PROT_WRITE are not executable. Likewise the executable
portions of the program binary itself are mapped PROT_READ|PROT_EXEC,
while the modifiable data and relocation tables are mapped
PROT_READ|PROT_WRITE.
So no, the kernel doesn't _really_ know the difference between
stack/heap memory, but the ELF ABI makes it easy to guess appropriately
(and there's a lot more technical details of how it does that I'm
leaving out for clarity).
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
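The mechanism Kyle describes (a writable anonymous mapping may never be mapped or remapped with PROT_EXEC) is observable from userspace: the denial surfaces as a failed mmap()/mprotect() call, not as anything the kernel notices while the code is running. The following probe is an added example, not code from this thread or from SELinux; it assumes Linux, and it assumes that a policy denial is reported as EACCES or EPERM (SELinux's execmem check returns EACCES). It tries the two things a program that needs executable stack/heap would do: add PROT_EXEC to an existing RW page, and ask for an RWX page up front.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added example (not from the original thread): probe whether this
 * process is allowed to turn anonymous, writable memory (what stack and
 * heap pages are made of) into executable memory.
 *
 * WX_ALLOWED: the kernel/LSM let it happen (no W^X policy in effect)
 * WX_DENIED : refused with EACCES/EPERM, i.e. a policy such as
 *             SELinux's execmem check stopped it (assumed errno values)
 * WX_ERROR  : the mapping itself could not be created, result unknown */
enum wx_result { WX_ALLOWED = 0, WX_DENIED = 1, WX_ERROR = -1 };

static enum wx_result classify_errno(void)
{
    return (errno == EACCES || errno == EPERM) ? WX_DENIED : WX_ERROR;
}

/* Case 1: start from a PROT_READ|PROT_WRITE mapping (the initial state of
 * heap/stack pages) and try to remap it executable while still writable,
 * which is what a JIT or a broken binary with an executable stack does. */
enum wx_result probe_mprotect_to_rwx(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return WX_ERROR;

    enum wx_result r;
    if (mprotect(p, (size_t)pagesz, PROT_READ | PROT_WRITE | PROT_EXEC) == 0)
        r = WX_ALLOWED;
    else
        r = classify_errno();

    munmap(p, (size_t)pagesz);
    return r;
}

/* Case 2: ask for a writable+executable anonymous mapping in one go.
 * The check happens once, at mmap() time, exactly as the thread says:
 * nothing inspects the stack trace later. */
enum wx_result probe_mmap_rwx(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p != MAP_FAILED) {
        munmap(p, (size_t)pagesz);
        return WX_ALLOWED;
    }
    return classify_errno();
}

static const char *describe(enum wx_result r)
{
    switch (r) {
    case WX_ALLOWED: return "allowed (no W^X policy stopped it)";
    case WX_DENIED:  return "denied by policy";
    default:         return "could not create mapping";
    }
}

int main(void)
{
    printf("mprotect RW -> RWX : %s\n", describe(probe_mprotect_to_rwx()));
    printf("mmap RWX up front  : %s\n", describe(probe_mmap_rwx()));
    return 0;
}
```

On a stock kernel without an LSM policy both probes report "allowed", because the kernel itself does not forbid RWX anonymous mappings; under SELinux enforcing, in a domain that lacks the execmem permission, both fail at the syscall with EACCES, which is the point Kyle makes: the decision is taken when the mapping's protection is set, not by tracing where an instruction came from.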