From: cpebenito@tresys.com (Christopher J. PeBenito)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] How to handle glibc-triggered behavior?
Date: Mon, 12 Jan 2015 09:03:38 -0500 [thread overview]
Message-ID: <54B3D43A.5060203@tresys.com> (raw)
In-Reply-To: <20141221121526.GA5564@siphos.be>
On 12/21/2014 7:15 AM, Sven Vermeulen wrote:
> glibc's malloc implementation, in multithreaded applications, might read
> /proc/sys/vm/overcommit_memory to check if the heap can be shrunk or not
> (when the allocated memory is part of the non-main arena). That means that
> read access to sysctl_vm_t becomes a wide request.
>
> Not granting privileges might result in different memory behavior, where the
> system administrator might have tuned/tweaked memory allocations on Linux,
> but malloc() ignoring this due to SELinux denying access to the settings.
>
> I'm wondering how to properly tackle this. Granting this on a per-domain
> level is probably not manageable, but granting this for all domains (through
> the "domain" attribute) might be overshooting.
Since typically everything is linked against glibc, and adding read
doesn't seem to be very concerning, I'd tend to do the latter.
> Are there specific risks that I should take into account when granting read
> access to sysctl_vm_t?
Looking through the sysctls, I don't really see much to be concerned
about. Knowing all the virtual memory settings doesn't seem like it
would make any easier to do a denial of service attack.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
next prev parent reply other threads:[~2015-01-12 14:03 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-21 12:15 [refpolicy] How to handle glibc-triggered behavior? Sven Vermeulen
2015-01-12 14:03 ` Christopher J. PeBenito [this message]
2015-04-03 13:47 ` Miroslav Grepl
2015-04-03 15:44 ` Dominick Grift
2015-12-10 14:59 ` Laurent Bigonville
2015-12-10 15:11 ` Dominick Grift
2015-12-10 15:13 ` Dominick Grift
2015-12-10 15:44 ` Christopher J. PeBenito
2015-12-10 15:49 ` Dominick Grift
2015-12-10 15:51 ` Dominick Grift
2015-12-10 15:20 ` Dominick Grift
2015-12-10 15:29 ` Dominick Grift
2015-12-10 15:40 ` Dominick Grift
2015-12-10 15:53 ` Christopher J. PeBenito
2015-12-10 15:56 ` Dominick Grift
2015-12-10 16:00 ` Dominick Grift
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54B3D43A.5060203@tresys.com \
--to=cpebenito@tresys.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.