Re: Security fix for remapping of page 0 (was [PATCH] Change ZERO_SIZE_PTR to point at unmapped space)

[Linus Torvalds]

On Wed, 3 Jun 2009, Eric Paris wrote:
> 
> As I recall the only need for CONFIG_SECURITY is for the ability to
> override the check.

No, if you have SECURITY disabled entirely, the check goes away.

If you have SECURITY on, but then use the simple capability model, the 
check is there.

If you have SECURITY on, and then use SElinux, you can make it be dynamic.

> I think I could probably pretty cleanly change it to use
> CAP_SYS_RAWIO/SELinux permissions if CONFIG_SECURITY and just allow it
> for uid=0 in the non-security case?

We probably should, since the "capability" security version should 
generally essentially emulate the regular non-SECURITY case for root. 

			Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/