| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090607102910.GA1592@ucw.cz> Date: Sun, 7 Jun 2009 12:29:11 +0200 From: Pavel Machek <pavel@....cz> To: Christoph Lameter <cl@...ux-foundation.org> Cc: "Larry H." <research@...reption.com>, Linus Torvalds <torvalds@...ux-foundation.org>, linux-mm@...ck.org, Alan Cox <alan@...rguk.ukuu.org.uk>, Rik van Riel <riel@...hat.com>, linux-kernel@...r.kernel.org, pageexec@...email.hu Subject: Re: Security fix for remapping of page 0 (was [PATCH] Change ZERO_SIZE_PTR to point at unmapped space) Hi! > Ok. So what we need to do is stop this toying around with remapping of > page 0. The following patch contains a fix and a test program that > demonstrates the issue. > > > Subject: [Security] Do not allow remapping of page 0 via MAP_FIXED > > If one remaps page 0 then the kernel checks for NULL pointers of various > flavors are bypassed and this may be exploited in various creative ways > to transfer data from kernel space to user space. Yes, mmap() at page zero 0 makes exploits harder; and yes disabling it may be useful (but we tried that before, see Alan's comment). But that does not it mean it deserves _security_ label. Call it robustness or something.... Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists