madaidan
madaidan
bubblewrap can be made setuid and commonly is. It even explains it in the readme.
> I've only taken a quick look but can't this be easily bypassed with PROT_EXEC memory mappings? Executable memory mappings are a big issue but I don't think it should...
The rebase messed up but I fixed it with https://github.com/anthraxx/linux-hardened/pull/23/commits/a980d62664e27ee52a86163f293a92271c98654c Would you be able to squash those other commits?
I think I fixed it. Do you see anything wrong? I want to make sure I get this right before I mess up the other PRs.
Why create a new, more complex LSM for an if statement?
@anthraxx are you still interested in accepting these PRs?
> Yes, but the rebase has never been executed that would allow convenient review here. Oh, sorry. I'll start rebasing all of them. > The other PRs have also partially...
I haven't seen any activity on S.A.R.A. since 2017 so having MPROTECT here makes a lot of sense.
Ah, thanks. I couldn't find anything past 2017.
GrapheneOS is shipping this: https://github.com/GrapheneOS/kernel_google_crosshatch/commit/200aae27376f6256f6618c4be57f0859cbb954e5 https://github.com/GrapheneOS/kernel_google_coral/commit/6b70e590f4a345c2af667e9ede84dbbe6ad8e0b3