From: David Howells <dhowells@redhat.com>
To: Eric Paris <eparis@parisplace.org>
Cc: dhowells@redhat.com, graff.yang@gmail.com,
linux-kernel@vger.kernel.org, gyang@blackfin.uclinux.org,
akpm@linux-foundation.org,
uclinux-dist-devel@blackfin.uclinux.org,
Graff Yang <graf.yang@analog.com>,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH] mm/nommu.c: Fix improperly call of security API in mmap
Date: Fri, 16 Oct 2009 16:14:50 +0100 [thread overview]
Message-ID: <6207.1255706090@redhat.com> (raw)
In-Reply-To: <7e0fb38c0910160801o50346a5cm763d79cab98272a5@mail.gmail.com>
Eric Paris <eparis@parisplace.org> wrote:
> I really don't like seeing such irrelevant (that's not the right word,
> but I can't think what is) ifdefs creeping down into the security
> layer as LSM authors are likely to mess them up in the future. I'd
> probably rather see the addr_only argument changed into a flags field.
> One for addr_only and one flag for not_addr. The nommu case could
> just set the not_addr flag and it's obvious how the LSMs (or
> capabilities if !CONFIG_SECURITY) should handle it, also works if some
> other future need arises...
A better way still, might be to deny the possibility of CONFIG_SECURITY if
CONFIG_MMU=n. After all, security is sort of pointless when a userspace
program can just edit the kernel at a whim.
David
next prev parent reply other threads:[~2009-10-16 15:16 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-14 10:28 [PATCH] mm/nommu.c: Fix improperly call of security API in mmap graff.yang
2009-10-14 14:08 ` David Howells
2009-10-15 2:21 ` graff yang
2009-10-15 3:45 ` graff yang
2009-10-15 7:07 ` David Howells
2009-10-16 7:06 ` [Uclinux-dist-devel] " Mike Frysinger
2009-10-16 15:01 ` Eric Paris
2009-10-16 15:14 ` David Howells [this message]
2009-10-16 15:21 ` Eric Paris
2009-10-16 15:43 ` David Howells
2009-10-16 15:55 ` Eric Paris
2009-11-17 22:13 ` Andrew Morton
2009-11-17 23:24 ` Mike Frysinger
2009-11-18 21:10 ` Eric Paris
2009-11-20 15:00 ` David Howells
2009-11-20 17:42 ` Andrew Morton
2009-11-20 17:54 ` David Howells
2009-11-20 19:32 ` Eric Paris
2009-11-20 19:50 ` Andrew Morton
2009-11-20 19:58 ` Eric Paris
2009-11-21 0:16 ` David Howells
2009-11-21 16:15 ` Eric Paris
2009-11-23 10:10 ` John Johansen
2009-10-16 15:43 ` [Uclinux-dist-devel] " Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6207.1255706090@redhat.com \
--to=dhowells@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=eparis@parisplace.org \
--cc=graf.yang@analog.com \
--cc=graff.yang@gmail.com \
--cc=gyang@blackfin.uclinux.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=uclinux-dist-devel@blackfin.uclinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.