lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 3 Jun 2009 15:14:52 -0400
From:	Eric Paris <eparis@...isplace.org>
To:	Christoph Lameter <cl@...ux-foundation.org>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	"Larry H." <research@...reption.com>,
	Alan Cox <alan@...rguk.ukuu.org.uk>, linux-mm@...ck.org,
	Rik van Riel <riel@...hat.com>, linux-kernel@...r.kernel.org,
	pageexec@...email.hu
Subject: Re: Security fix for remapping of page 0 (was [PATCH] Change 
	ZERO_SIZE_PTR to point at unmapped space)

On Wed, Jun 3, 2009 at 2:59 PM, Christoph Lameter
<cl@...ux-foundation.org> wrote:
> We could just move the check for mmap_min_addr out from
> CONFIG_SECURITY?
>
>
> Use mmap_min_addr indepedently of security models
>
> This patch removes the dependency of mmap_min_addr on CONFIG_SECURITY.
> It also sets a default mmap_min_addr of 4096.
>
> mmapping of addresses below 4096 will only be possible for processes
> with CAP_SYS_RAWIO.
>
>
> Signed-off-by: Christoph Lameter <cl@...ux-foundation.org>

NAK  with SELinux on you now need both the SELinux mmap_zero
permission and the CAP_SYS_RAWIO permission.  Previously you only
needed one or the other, depending on which was the predominant
LSM.....

Even if you want to argue that I have to take CAP_SYS_RAWIO in the
SELinux case what about all the other places?  do_mremap?  do_brk?
expand_downwards?

-Eric


> ===================================================================
> --- linux-2.6.orig/mm/mmap.c    2009-06-03 13:48:01.000000000 -0500
> +++ linux-2.6/mm/mmap.c 2009-06-03 13:48:10.000000000 -0500
> @@ -87,6 +87,9 @@ int sysctl_overcommit_ratio = 50;     /* def
>  int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
>  struct percpu_counter vm_committed_as;
>
> +/* amount of vm to protect from userspace access */
> +unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
> +
>  /*
>  * Check that a process has enough memory to allocate a new virtual
>  * mapping. 0 means there is enough memory for the allocation to
> @@ -1043,6 +1046,9 @@ unsigned long do_mmap_pgoff(struct file
>                }
>        }
>
> +       if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
> +               return -EACCES;
> +
>        error = security_file_mmap(file, reqprot, prot, flags, addr, 0);
>        if (error)
>                return error;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ