Re: Should mprotect(..., PROT_EXEC) be checked by IMA?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



[Cc'ing the LSM mailing list and others]

On Fri, 2019-03-29 at 13:00 +0300, Igor Zhbanov wrote:
> Hi Mimi,On 28.03.2019 20:17, Mimi Zohar wrote:

> > I just came across the grsecurity article on mprotect.[1]
> >  Has anyone looked at it? Would it make sense to make it a minor LSM?
> > 
> > [1]https://pax.grsecurity.net/docs/mprotect.txt
> 
> Interesting article. It is almost exactly of what I wanted to be implemented.
> 
> If this minor LSM would be stackable to allow combining with e.g. SELinux
> then why not.

Stacking shouldn't be a problem.  Other LSMs are already on the
mprotect hook.  Let's hear what others think.

Mimi




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux