From: Eric Paris <eparis@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: jmorris@namei.org, alan@redhat.com, chrisw@redhat.com,
akpm@linux-foundation.org, linux-security-module@vger.kernel.org,
solar@openwall.com, wtarreau@hera.kernel.org
Subject: [PATCH] Allow Kconfig to set default mmap_min_addr protection
Date: Wed, 19 Dec 2007 16:59:05 -0500 [thread overview]
Message-ID: <1198101545.6197.52.camel@localhost.localdomain> (raw)
Since it was decided that low memory protection from userspace couldn't
be turned on by default add a Kconfig option to allow users/distros to
set a default at compile time. This value is still tunable after boot
in /proc/sys/vm/mmap_min_addr
Signed-off-by: Eric Paris <eparis@redhat.com>
---
security/Kconfig | 18 ++++++++++++++++++
security/security.c | 4 +++-
2 files changed, 21 insertions(+), 1 deletions(-)
diff --git a/security/Kconfig b/security/Kconfig
index 8086e61..10c9e40 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -103,6 +103,24 @@ config SECURITY_ROOTPLUG
If you are unsure how to answer this question, answer N.
+config SECURITY_DEFAULT_MMAP_MIN_ADDR
+ int "Low address space to protect from user allocation"
+ depends on SECURITY
+ default 0
+ help
+ This is the portion of low virtual memory which should be protected
+ from userspace allocation. Keeping a user from writing to low pages
+ can help reduce the impact of kernel NULL pointer bugs.
+
+ For most users with lots of address space a value of 65536 is
+ reasonable and should cause no problems. Programs which use vm86
+ functionality would either need additional permissions from either
+ the LSM or the capabilities module or have this protection disabled.
+
+ This value can be changed after boot using the
+ /proc/sys/vm/mmap_min_addr tunable.
+
+
source security/selinux/Kconfig
endmenu
diff --git a/security/security.c b/security/security.c
index 0e1f1f1..c784726 100644
--- a/security/security.c
+++ b/security/security.c
@@ -23,7 +23,9 @@ extern struct security_operations dummy_security_ops;
extern void security_fixup_ops(struct security_operations *ops);
struct security_operations *security_ops; /* Initialized to NULL */
-unsigned long mmap_min_addr; /* 0 means no protection */
+
+/* amount of vm to protect from userspace access */
+unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
static inline int verify(struct security_operations *ops)
{
next reply other threads:[~2007-12-19 22:00 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-12-19 21:59 Eric Paris [this message]
2007-12-19 23:29 ` [PATCH] Allow Kconfig to set default mmap_min_addr protection Jan Engelhardt
2007-12-21 20:31 ` Eric Paris
2007-12-21 21:10 ` Jan Engelhardt
2007-12-21 21:16 ` Willy Tarreau
2007-12-21 22:04 ` Jan Engelhardt
2007-12-21 22:35 ` Greg KH
2007-12-21 22:59 ` Jan Engelhardt
2008-01-02 17:09 ` Eric Paris
2008-01-02 17:26 ` Jan Engelhardt
2008-01-02 18:10 ` Willy Tarreau
2007-12-21 22:34 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1198101545.6197.52.camel@localhost.localdomain \
--to=eparis@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=alan@redhat.com \
--cc=chrisw@redhat.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=solar@openwall.com \
--cc=wtarreau@hera.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.