On Fri, 14 Aug 2009, Eric Paris wrote:

> I'm tired of these recent exploits and SELinux being weaker against
> local user priv escalation bugs using NULL pointers. Can we push
>
> 7c73875e7dda627040b12c19b01db634fa7f0fd1
> 84336d1a77ccd2c06a730ddd38e695c2324a7386
> a2551df7ec568d87793d2eea4ca744e86318f205
> 47d439e9fb8a81a90022cfa785bf1c36c4e2aff6
>
> To linus? It's fixing a clear security bug in that we are not checking
> DAC before granting mmap_min_addr. If need be I'll write another
> smaller patch which just does the DAC check in the SELinux security
> hook, but I'd rather see the true separation.

Probably best to make the smallest possible change now, so I suggest the
latter (which might be useful for distro backporting).

--
James Morris
<jmorris@xxxxxxxxx>