-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Olivier Galibert wrote:
> On Fri, Jan 18, 2008 at 08:30:44AM -0500, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Olivier Galibert wrote:
>>> On Thu, Jan 17, 2008 at 01:48:42PM -0500, Daniel J Walsh wrote:
>>>> <tunable name="allow_execmem" dftval="false">
>>>> <desc>
>>>> <p>
>>>> Allow unconfined executables to map a memory region as both executable
>>>> and writable, this is dangerous and the executable should be reported in
>>>> bugzilla")
>>> That should be "to map a file in a memory region", as UD's page
>>> explains. Otherwise anyone who knows a little about dynamic
>>> recompilers/JITs is gonna go "huh?".
>>>
>>> OG.
>>>
>> Bad cut and paste. The one I pasted was for allow_execmem. Where the
>> definition is correct.
>
> You mean Ulrich's page is incorrect then? I indeed had noticed it was
> about execmem.
>
>
>> java/mono apps are not confined by this, since
>> they run under a different context.
>
> Java/Mono are not the only programs with dynamic code generators in
> them.
>
> OG.
>
The attached file is the file context of all files in Rawhide (Probably
F8) that are marked as allowing execmem/execstack. If you know of
others, we need to update this list.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkeQ6WEACgkQrlYvE4MpobNC1QCeJFwhjT7zZ4jWOeCQ2VnfTcI9
NI8AoLCClZU0lYdOAqwDNonnzDqReX34
=LqxN
-----END PGP SIGNATURE-----
/usr/bin/qemu.* -- system_u:object_r:unconfined_execmem_exec_t:s0
/usr/lib/openoffice\.org.*/program/.+\.bin -- system_u:object_r:unconfined_execmem_exec_t:s0
/usr/bin/sbcl -- system_u:object_r:unconfined_execmem_exec_t:s0
/usr/bin/valgrind -- system_u:object_r:unconfined_execmem_exec_t:s0
/usr/bin/rhythmbox -- system_u:object_r:unconfined_execmem_exec_t:s0
/usr/lib/ia32el/ia32x_loader -- system_u:object_r:unconfined_execmem_exec_t:s0
/usr/local/RealPlayer/realplay\.bin -- system_u:object_r:unconfined_execmem_exec_t:s0
/usr/bin/mono -- system_u:object_r:mono_exec_t:s0
/usr/(.*/)?bin/java.* -- system_u:object_r:java_exec_t:s0
/opt/(.*/)?bin/java[^/]* -- system_u:object_r:java_exec_t:s0
/usr/lib(.*/)?bin/java[^/]* -- system_u:object_r:java_exec_t:s0
/usr/lib(64)?/openoffice\.org/program/soffice\.bin -- system_u:object_r:java_exec_t:s0
/usr/bin/octave-[^/]* -- system_u:object_r:java_exec_t:s0
/usr/matlab/bin/(.*/)?MATLAB. -- system_u:object_r:java_exec_t:s0
/opt/matlab/bin/(.*/)?MATLAB. -- system_u:object_r:java_exec_t:s0
/usr/lib/jvm/java(.*/)bin(/.*)? -- system_u:object_r:java_exec_t:s0
/usr/local/matlab/bin/(.*/)?MATLAB. -- system_u:object_r:java_exec_t:s0
/opt/local/matlab/bin/(.*/)?MATLAB. -- system_u:object_r:java_exec_t:s0
/opt/ibm/java2-ppc64-50/jre/(bin|javaws)(/.*)? -- system_u:object_r:java_exec_t:s0
/usr/bin/gij -- system_u:object_r:java_exec_t:s0
/usr/bin/grmic -- system_u:object_r:java_exec_t:s0
/usr/bin/frysk -- system_u:object_r:java_exec_t:s0
/usr/bin/fastjar -- system_u:object_r:java_exec_t:s0
/usr/bin/gkeytool -- system_u:object_r:java_exec_t:s0
/usr/bin/gjarsigner -- system_u:object_r:java_exec_t:s0
/usr/bin/jv-convert -- system_u:object_r:java_exec_t:s0
/usr/bin/gcj-dbtool -- system_u:object_r:java_exec_t:s0
/usr/bin/grmiregistry -- system_u:object_r:java_exec_t:s0
/usr/bin/gappletviewer -- system_u:object_r:java_exec_t:s0
/usr/lib/eclipse/eclipse -- system_u:object_r:java_exec_t:s0
/usr/bin/wine -- system_u:object_r:wine_exec_t:s0
/opt/cxoffice/bin/wine -- system_u:object_r:wine_exec_t:s0
/opt/picasa/wine/bin/wine -- system_u:object_r:wine_exec_t:s0
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
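The message above asks for other programs that need execmem/execstack; one way to look for candidates on a running system is to list mappings in /proc/<pid>/maps that are both writable and executable. This is an added example, not part of the original message or of the Fedora policy. The sample maps text is constructed, and labelling a writable+executable [stack] as execstack and every other such mapping as execmem is a simplifying assumption.

```python
import os
import re

# Constructed sample in /proc/<pid>/maps format (not captured from a real system).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131 /usr/bin/example-jit
0060a000-0060b000 rw-p 0000a000 08:01 131 /usr/bin/example-jit
7f2c10000000-7f2c10021000 rwxp 00000000 00:00 0
7f2c1a200000-7f2c1a3b0000 r-xp 00000000 08:01 977 /usr/lib64/libc-2.7.so
7f2c1a5b0000-7f2c1a5b4000 rwxp 001b0000 08:01 977 /usr/lib64/libc-2.7.so
7ffd3c1e0000-7ffd3c201000 rwxp 00000000 00:00 0 [stack]
"""

# address range, permissions, offset, device, inode, optional pathname
MAPS_LINE = re.compile(
    r"^([0-9a-f]+-[0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$")


def find_wx_mappings(maps_text):
    """Return (range, perms, kind, backing) for each writable+executable mapping."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in maps format
        addr_range, perms, path = m.groups()
        if "w" not in perms or "x" not in perms:
            continue  # only mappings that are writable and executable at once
        # Assumption: [stack] maps to execstack, everything else to execmem.
        kind = "execstack" if path == "[stack]" else "execmem"
        findings.append((addr_range, perms, kind, path or "anonymous"))
    return findings


def scan_proc(proc_root="/proc"):
    """Map pid -> findings for every process whose maps file is readable."""
    report = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "maps")) as fh:
                hits = find_wx_mappings(fh.read())
        except OSError:
            continue  # process exited or access was denied
        if hits:
            report[int(pid)] = hits
    return report


if __name__ == "__main__":
    for finding in find_wx_mappings(SAMPLE_MAPS):
        print(*finding)
```

A mapping only shows up here while it is writable and executable at the same moment, so a program that flips permissions between writing and running generated code can be missed.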