SELinux Mailing List
Re: [PATCH] SELinux protection for exploiting null dereference using mmap
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Thu, 31 May 2007 10:45:51 -0400
In retrospect, we likely should have moved all of the execmem/stack/heap checks into a separate memory class and we could have put this one there as well. There is a 'system' class already, so it isn't better than using 'process' aside from having more free bits; using a new class will ensure that no existing policy implicitly allows this check via an allow a b:c *; rule.
> > It doesn't address the question of 'is 1 page enough' Anyone with a

Or it could be a sysctl value if you wanted it to generalize beyond selinux.

--
Stephen Smalley
National Security Agency

Received on Thu 31 May 2007 - 10:45:54 EDT
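An added example, not part of the original message or of any SELinux tooling: a small Python check for the implicit-grant concern raised above, listing `allow` rules whose `*` or `~{ ... }` permission set would silently cover a permission newly added to an existing class. The permission name `lowmmap`, the class name `memory` and the sample rules are hypothetical and constructed for illustration; the input is assumed to be policy source with m4 macros already expanded.

```python
import re

# Constructed sample rules, not taken from any real policy.
SAMPLE = """
allow a b:c *;
allow init_t self:process { fork signal };
allow unconfined_t self:process ~{ execheap };   # complement set
allow { x_t y_t } z_t:{ process file } *;
allow kernel_t self:system *;
allow role_a role_b;                             # role allow, no class
"""

def read_set(tok, i):
    """Return (names, next_index) for a single name or a `{ a b c }` set."""
    if tok[i] == "{":
        j = tok.index("}", i)
        return tok[i + 1:j], j + 1
    return [tok[i]], i + 1

def implicit_grants(policy_text, cls, new_perm):
    """List (source, target, reason) for allow rules on `cls` that would
    grant `new_perm` without naming it: `*` or a `~{...}` that omits it."""
    hits = []
    text = re.sub(r"#.*", "", policy_text)           # drop comments
    for stmt in text.split(";"):
        tok = re.findall(r"[{}:~*]|[^\s{}:~*]+", stmt)
        if not tok or tok[0] != "allow":
            continue
        src, i = read_set(tok, 1)
        tgt, i = read_set(tok, i)
        if i >= len(tok) or tok[i] != ":":           # e.g. role allow rule
            continue
        classes, i = read_set(tok, i + 1)
        if cls not in classes:
            continue
        if tok[i] == "*":
            reason = "wildcard"
        elif tok[i] == "~" and new_perm not in read_set(tok, i + 1)[0]:
            reason = "complement"
        else:
            continue                                 # explicit permission list
        hits.append((" ".join(src), " ".join(tgt), reason))
    return hits

if __name__ == "__main__":
    for cls in ("process", "system", "memory"):      # `memory` = new class
        print(cls, implicit_grants(SAMPLE, cls, "lowmmap"))
```

A class that no existing rule names, such as the hypothetical `memory` here, returns no hits, which is the property the message argues for.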
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009