Re: mmap_min_addr and your local LSM (ok, just SELinux)

From: Pavel Machek
Date: Sun Aug 02 2009 - 08:50:16 EST

Next message: Pavel Machek: "Re: [PATCH 0/2] implement uid mount option for ext2 and ext3"
Previous message: Michael Brunner: "[PATCH] thermal_sys: check get_temp return value"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> Brad Spengler recently pointed out that the SELinux decision on how to
> handle mmap_min_addr in some ways weakens system security vs on a system
> without SELinux (and in other ways can be stronger). There is a trade
> off and a reason I did what I did but I would like ideas and discussion
> on how to get the best of both worlds.
>
> With SELinux mapping the 0 page requires an SELinux policy permission,
> mmap_zero. Without SELinux mapping the 0 page requires CAP_SYS_RAWIO.
> Note that CAP_SYS_RAWIO roughly translates to uid=0 since noone really
> does interesting things with capabilities.

I wonder if cap_sys_rawio is right capability for this..? rawio
normally grants you kernel-llevel access, so you don't want to give it
to wine. But maybe if it checked cap_sys_nice or some new capability,
we could reasonably give that to wine, and problem would be gone?

cap_sys_obscure_features ?

(I guess vm86 mode should fall under that, too :-)

--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pavel Machek: "Re: [PATCH 0/2] implement uid mount option for ext2 and ext3"
Previous message: Michael Brunner: "[PATCH] thermal_sys: check get_temp return value"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]