On Sat, 2007-11-17 at 09:12 +1100, James Morris wrote:
> On Fri, 16 Nov 2007, Eric Paris wrote:
>
> > When this protection was originally concieved it intentionally was
> > offing something even without an more 'full featured' LSM. That was the
> > whole reason I had to drop the secondary
On Sat, 2007-11-17 at 09:12 +1100, James Morris wrote:
On Fri, 16 Nov 2007, Eric Paris wrote:
When this protection was originally concieved it intentionally was
offing something even without an more 'full featured' LSM. That was the
whole reason I had to drop the secondary stacking hook
On Fri, 16 Nov 2007, Eric Paris wrote:
> When this protection was originally concieved it intentionally was
> offing something even without an more 'full featured' LSM. That was the
> whole reason I had to drop the secondary stacking hook inside the
> selinux code.
>
> While I now understand
On Sat, 2007-11-17 at 08:58 +1100, James Morris wrote:
> On Fri, 16 Nov 2007, Eric Paris wrote:
>
> > On Sat, 2007-11-17 at 08:47 +1100, James Morris wrote:
> > > On Fri, 16 Nov 2007, Eric Paris wrote:
> > >
> > > > On a kernel with CONFIG_SECURITY but without an LSM which implements
> > > >
On Fri, 16 Nov 2007, Eric Paris wrote:
> On Sat, 2007-11-17 at 08:47 +1100, James Morris wrote:
> > On Fri, 16 Nov 2007, Eric Paris wrote:
> >
> > > On a kernel with CONFIG_SECURITY but without an LSM which implements
> > > security_file_mmap it is impossible for an application to mmap addresses
On Sat, 2007-11-17 at 08:47 +1100, James Morris wrote:
> On Fri, 16 Nov 2007, Eric Paris wrote:
>
> > On a kernel with CONFIG_SECURITY but without an LSM which implements
> > security_file_mmap it is impossible for an application to mmap addresses
> > lower than mmap_min_addr.
>
> Actually,
On Fri, 16 Nov 2007, Eric Paris wrote:
> On a kernel with CONFIG_SECURITY but without an LSM which implements
> security_file_mmap it is impossible for an application to mmap addresses
> lower than mmap_min_addr.
Actually, should we be doing any checking in the dummy module, given that
it is
On a kernel with CONFIG_SECURITY but without an LSM which implements
security_file_mmap it is impossible for an application to mmap addresses
lower than mmap_min_addr. Based on a suggestion from a developer in the
openwall community this patch adds a check for CAP_SYS_RAWIO. It is
assumed that
On a kernel with CONFIG_SECURITY but without an LSM which implements
security_file_mmap it is impossible for an application to mmap addresses
lower than mmap_min_addr. Based on a suggestion from a developer in the
openwall community this patch adds a check for CAP_SYS_RAWIO. It is
assumed that
On Fri, 16 Nov 2007, Eric Paris wrote:
On a kernel with CONFIG_SECURITY but without an LSM which implements
security_file_mmap it is impossible for an application to mmap addresses
lower than mmap_min_addr.
Actually, should we be doing any checking in the dummy module, given that
it is not
On Sat, 2007-11-17 at 08:47 +1100, James Morris wrote:
On Fri, 16 Nov 2007, Eric Paris wrote:
On a kernel with CONFIG_SECURITY but without an LSM which implements
security_file_mmap it is impossible for an application to mmap addresses
lower than mmap_min_addr.
Actually, should we be
On Fri, 16 Nov 2007, Eric Paris wrote:
On Sat, 2007-11-17 at 08:47 +1100, James Morris wrote:
On Fri, 16 Nov 2007, Eric Paris wrote:
On a kernel with CONFIG_SECURITY but without an LSM which implements
security_file_mmap it is impossible for an application to mmap addresses
lower
On Sat, 2007-11-17 at 08:58 +1100, James Morris wrote:
On Fri, 16 Nov 2007, Eric Paris wrote:
On Sat, 2007-11-17 at 08:47 +1100, James Morris wrote:
On Fri, 16 Nov 2007, Eric Paris wrote:
On a kernel with CONFIG_SECURITY but without an LSM which implements
security_file_mmap it
On Fri, 16 Nov 2007, Eric Paris wrote:
When this protection was originally concieved it intentionally was
offing something even without an more 'full featured' LSM. That was the
whole reason I had to drop the secondary stacking hook inside the
selinux code.
While I now understand the
14 matches
Mail list logo