| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.1.10.0906031134410.13551@gentwo.org> Date: Wed, 3 Jun 2009 11:41:12 -0400 (EDT) From: Christoph Lameter <cl@...ux-foundation.org> To: Stephen Smalley <sds@...ho.nsa.gov> cc: "Larry H." <research@...reption.com>, Linus Torvalds <torvalds@...ux-foundation.org>, linux-mm@...ck.org, Alan Cox <alan@...rguk.ukuu.org.uk>, Rik van Riel <riel@...hat.com>, linux-kernel@...r.kernel.org, pageexec@...email.hu Subject: Re: Security fix for remapping of page 0 (was [PATCH] Change ZERO_SIZE_PTR to point at unmapped space) On Wed, 3 Jun 2009, Stephen Smalley wrote: > > If one remaps page 0 then the kernel checks for NULL pointers of various > > flavors are bypassed and this may be exploited in various creative ways > > to transfer data from kernel space to user space. > > > > Fix this by not allowing the remapping of page 0. Return -EINVAL if > > such a mapping is attempted. > > You can already prevent unauthorized processes from mapping low memory > via the existing mmap_min_addr setting, configurable via > SECURITY_DEFAULT_MMAP_MIN_ADDR or /proc/sys/vm/mmap_min_addr. Then > cap_file_mmap() or selinux_file_mmap() will apply a check when a process > attempts to map memory below that address. mmap_min_addr depends on CONFIG_SECURITY which establishes various strangely complex "security models". The system needs to be secure by default. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists