SELinux Mailing List

Re: [RFC][PATCH] Control ability to have a writable executable mapping

From: Joshua Brindle <jbrindle_at_tresys.com>
Date: Tue, 09 Nov 2004 18:15:23 -0500


Stephen Smalley wrote:

>I know that the PAX/selinux integration patch approaches this
>differently, applying a check based on the executable file type rather
>than the process domain, but I would favor a domain-based check for its
>greater generality (ability to handle multiple instances of the same
>program in different ways) and more direct representation of the actual
>operation (can this process perform this action?). Admittedly, the
>domain-based check does impose a cost on policy writers - you have to
>define separate domains vs. just separate file types in order to
>selectively allow this permission. But I believe that this cost is
>justified.
>
>

I can't think of any circumstances where the domain which an application is in should have an impact on its PaX flags. In general we want whatever defaults (pageexec, mprotect, randmmap) on all the time except in cases where one or more of those flags don't work (e.g., Java doesn't like pageexec, nor does Mono). The caller domain makes no difference in whether those will or will not function with PaX protection, nor should it make a difference in whether those are enabled.

That said, I know the current implementation breaks the current domain source, target object type model, and it would be better to make it the same for no better reason than consistency.

On the other hand, you are right, it does impose a higher cost on policy writing. However, it isn't clear that SELinux facilitates this sort of flag setting via permissions well, since SELinux will deny by default, all the flags would be off (!) which is less secure.

>Please note that this patch does NOT provide the functionality of PAX,
>exec-shield, NX support, etc. It merely provides SELinux policy control
>over the ability to create an executable mapping that can contain data
>not covered by file permission checks.
>
>
>

Out of curiosity, is revocation handled?

>Constructive comments welcome.
>
>
>

It seems like the whole purpose of this is to enforce a consistency between filesystem permissions and mmapped files in memory? Does this fall into the same category as PaX where denying the flag actually causes a less secure default?

Joshua Brindle

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Tue 9 Nov 2004 - 18:15:38 EST
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009