From: David Howells <dhowells@redhat.com>
To: Eric Paris <eparis@parisplace.org>
Cc: dhowells@redhat.com, graff.yang@gmail.com,
linux-kernel@vger.kernel.org, gyang@blackfin.uclinux.org,
akpm@linux-foundation.org,
uclinux-dist-devel@blackfin.uclinux.org,
Graff Yang <graf.yang@analog.com>,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH] mm/nommu.c: Fix improperly call of security API in mmap
Date: Fri, 16 Oct 2009 16:14:50 +0100 [thread overview]
Message-ID: <6207.1255706090@redhat.com> (raw)
In-Reply-To: <7e0fb38c0910160801o50346a5cm763d79cab98272a5@mail.gmail.com>
Eric Paris <eparis@parisplace.org> wrote:
> I really don't like seeing such irrelevant (that's not the right word,
> but I can't think what is) ifdefs creeping down into the security
> layer as LSM authors are likely to mess them up in the future. I'd
> probably rather see the addr_only argument changed into a flags field.
> One for addr_only and one flag for not_addr. The nommu case could
> just set the not_addr flag and it's obvious how the LSMs (or
> capabilities if !CONFIG_SECURITY) should handle it, also works if some
> other future need arises...
A better way still, might be to deny the possibility of CONFIG_SECURITY if
CONFIG_MMU=n. After all, security is sort of pointless when a userspace
program can just edit the kernel at a whim.
David
next prev parent reply other threads:[~2009-10-16 15:16 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-14 10:28 [PATCH] mm/nommu.c: Fix improperly call of security API in mmap graff.yang
2009-10-14 14:08 ` David Howells
2009-10-15 2:21 ` graff yang
2009-10-15 3:45 ` graff yang
2009-10-15 7:07 ` David Howells
2009-10-16 7:06 ` [Uclinux-dist-devel] " Mike Frysinger
2009-10-16 15:01 ` Eric Paris
2009-10-16 15:14 ` David Howells [this message]
2009-10-16 15:21 ` Eric Paris
2009-10-16 15:43 ` David Howells
2009-10-16 15:55 ` Eric Paris
2009-11-17 22:13 ` Andrew Morton
2009-11-17 23:24 ` Mike Frysinger
2009-11-18 21:10 ` Eric Paris
2009-11-20 15:00 ` David Howells
2009-11-20 17:42 ` Andrew Morton
2009-11-20 17:54 ` David Howells
2009-11-20 19:32 ` Eric Paris
2009-11-20 19:50 ` Andrew Morton
2009-11-20 19:58 ` Eric Paris
2009-11-21 0:16 ` David Howells
2009-11-21 16:15 ` Eric Paris
2009-11-23 10:10 ` John Johansen
2009-10-16 15:43 ` [Uclinux-dist-devel] " Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6207.1255706090@redhat.com \
--to=dhowells@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=eparis@parisplace.org \
--cc=graf.yang@analog.com \
--cc=graff.yang@gmail.com \
--cc=gyang@blackfin.uclinux.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=uclinux-dist-devel@blackfin.uclinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox