User: Password:
|
|
Subscribe / Log in / New account

mmap_min_addr and security modules

mmap_min_addr and security modules

Posted Jul 20, 2009 22:15 UTC (Mon) by spender (subscriber, #23067)
In reply to: mmap_min_addr and security modules by corbet
Parent article: Fun with NULL pointers, part 1

That's not the right check. security_file_mmap (which is either set by the capabilities module or overriden by the SELinux module) is what implements the final check. The one you pasted doesn't even apply for MAP_FIXED but is just to ensure that the allocator doesn't choose an address below mmap_min_addr when only a hint is specified.

If SELinux is compiled into the kernel, it needs to be disabled at boot via the kernel command-line, otherwise it registers its hooks with LSM and overrides that of the capabilities module for security_file_mmap which performs the mmap_min_addr check.

-Brad


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds