Should mprotect(..., PROT_EXEC) be checked by IMA?
Mimi Zohar
zohar at linux.ibm.com
Fri Mar 29 10:59:47 UTC 2019
[Cc'ing the LSM mailing list and others]
On Fri, 2019-03-29 at 13:00 +0300, Igor Zhbanov wrote:
> Hi Mimi,On 28.03.2019 20:17, Mimi Zohar wrote:
> > I just came across the grsecurity article on mprotect.[1]
> > Has anyone looked at it? Would it make sense to make it a minor LSM?
> >
> > [1]https://pax.grsecurity.net/docs/mprotect.txt
>
> Interesting article. It is almost exactly of what I wanted to be implemented.
>
> If this minor LSM would be stackable to allow combining with e.g. SELinux
> then why not.
Stacking shouldn't be a problem. Other LSMs are already on the
mprotect hook. Let's hear what others think.
Mimi
More information about the Linux-security-module-archive
mailing list