Re: Security fix for remapping of page 0 (was [PATCH] ChangeZERO_SIZE_PTR to point at unmapped space)

[Linus Torvalds]

On Wed, 3 Jun 2009, Christoph Lameter wrote:
>
> We could just move the check for mmap_min_addr out from
> CONFIG_SECURITY?

No.

The thing is, the security model wants to modify the rules on what's 
"secure" and what isn't. And your patch just hard-coded that 
capable(CAP_SYS_RAWIO) decision - but that's not what something like 
SElinux actually uses to decide whether it's ok or not.

So if you do it in generic code, you'd have to make it much more complex. 
One option would be to change the rule for what "security_file_mmap()" 
means, and make the return value says "yes, no, override". Where 
"override" would be "allow it for this process even if it's below the 
minimum mmap limit.

But the better option really is to just copy the cap_file_mmap() rule to 
the !SECURITY rule, and make !SECURITY really mean the same as "always do 
default security", the way it's documented.

			Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/