lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080623070435.76c8b260@infradead.org>
Date:	Mon, 23 Jun 2008 07:04:35 -0700
From:	Arjan van de Ven <arjan@...radead.org>
To:	"Dr. David Alan Gilbert" <linux@...blig.org>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: mmap_min_addr/SECURITY_DEFAULT_MMAP_MIN_ADDR suggested values

On Mon, 23 Jun 2008 14:53:37 +0100
"Dr. David Alan Gilbert" <linux@...blig.org> wrote:

> Hi,
>   The config help for SECURITY_DEFAULT_MMAP_MIN_ADDR suggests 65536
> as a 'reasonable' value for x86 and the original mmap_min_addr
> patches suggested that 'something like 64k' was a safe value that
> wouldn't affect most programs.
> 
>   Where does this 64k value come from?  A number of distros seem
> to have followed this advice and have it set to 64k; but is there
> really any likely benefit of having it larger than PAGE_SIZE say?

there's a few things in the kernel that are bigger than 4K (or rather,
lead to pointers beyond 4K) so it's not all that bad advice.

> 
> I ask because I have an ancient program that maps stuff at 8k; the
> general advice of stuff on the net seems to be to set this limit
> to 0 if people have problems (I'm just lowering it to 4k),
> but I was thinking perhaps using a lower default value would be more
> secure since less people would take the easy answer and just turn the
> feature off altogether.

interesting... what does the program do?
(applications making assumptions on where they can mmap stuff... that's
not really valid. Realistically, the only safe way to use MAP_FIXED is
on memory that you got from mmap before.. think about it: what if
glibc happened to mmap something there first?)

So I'm quite curious what/why this app is doing this


-- 
If you want to reach me at my work email, use arjan@...ux.intel.com
For development, discussion and tips for power savings, 
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ