On Wed, 27 Jun 2007, Davide Libenzi wrote:

> On Wed, 27 Jun 2007, Nicholas Miell wrote:
>
> > 1) euid is not sufficient, you need to store away arbitrary LSM
> > information and call LSM hooks to decide security equivalence. The same
> > applies to VServer or whatever other container system you use.
>
> The EUID that is used now, can easily be any cookie. It can be an LSM
> cookie (if LSM is active in the system). We don't do complex checks, like
> group permission & Co. We assume that if a UID-cookie had such data
> available (or it generated it), it can have it back uncleared.

(looking through the LSM/SELinux jungle)

Also, LSM/SELinux could disable completely the feature, at request. Just assign a known-to-be-invalid UID to mm->owner_uid (passing through an(other) hook), and pages will never be recycled.

- Davide