On Mon, Mar 25, 2019 at 01:33:51PM -0400, TongZhang wrote: > Dear Kernel Developers, > > We’d like to bring this up for a discussion again. > > Several months ago we posted an email discussing a case where > remap_file_pages() has no security_mmap_file() check. > At that time we were told that do_mmap_pgoff() will base the new VMA > permission on the old one. > But somehow we still think the check is needed, for the reason that the > advisory could first do a > mmap() which can pass SELinux check then remap using a completely different > file or region of file, > which could possibly pose a risk.
Could you elabarote on the risk you see? A bad scenario that could be prevented with SELinux check would be helpful. -- Kirill A. Shutemov
