From: Rik van Riel <riel@redhat.com>
To: "Larry H." <research@subreption.com>
Cc: Christoph Lameter <cl@linux-foundation.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-mm@kvack.org, Alan Cox <alan@lxorguk.ukuu.org.uk>,
linux-kernel@vger.kernel.org, pageexec@freemail.hu
Subject: Re: Security fix for remapping of page 0 (was [PATCH] Change ZERO_SIZE_PTR to point at unmapped space)
Date: Wed, 03 Jun 2009 12:36:25 -0400 [thread overview]
Message-ID: <4A26A689.1090300@redhat.com> (raw)
In-Reply-To: <20090603162831.GF6701@oblivion.subreption.com>
Larry H. wrote:
> Christopher, crippling the system is truly not the way to fix this.
> There are many legitimate users of private|fixed mappings at 0. In
> addition, if you want to go ahead and break POSIX, at least make sure
> your patch closes the loophole.
I suspect there aren't many at all, and restricting them through
SELinux may be enough to mitigate the risk.
> If SELinux isn't present, that's not useful. If mmap_min_addr is
> enabled, that still won't solve what my original, utterly simple patch
> fixes.
Would anybody paranoid run their system without SELinux?
> The patch provides a no-impact, clean solution to prevent kmalloc(0)
> situations from becoming a security hazard. Nothing else.
True, the changes in your patch only affect a few code paths.
--
All rights reversed.
WARNING: multiple messages have this Message-ID (diff)
From: Rik van Riel <riel@redhat.com>
To: "Larry H." <research@subreption.com>
Cc: Christoph Lameter <cl@linux-foundation.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-mm@kvack.org, Alan Cox <alan@lxorguk.ukuu.org.uk>,
linux-kernel@vger.kernel.org, pageexec@freemail.hu
Subject: Re: Security fix for remapping of page 0 (was [PATCH] Change ZERO_SIZE_PTR to point at unmapped space)
Date: Wed, 03 Jun 2009 12:36:25 -0400 [thread overview]
Message-ID: <4A26A689.1090300@redhat.com> (raw)
In-Reply-To: <20090603162831.GF6701@oblivion.subreption.com>
Larry H. wrote:
> Christopher, crippling the system is truly not the way to fix this.
> There are many legitimate users of private|fixed mappings at 0. In
> addition, if you want to go ahead and break POSIX, at least make sure
> your patch closes the loophole.
I suspect there aren't many at all, and restricting them through
SELinux may be enough to mitigate the risk.
> If SELinux isn't present, that's not useful. If mmap_min_addr is
> enabled, that still won't solve what my original, utterly simple patch
> fixes.
Would anybody paranoid run their system without SELinux?
> The patch provides a no-impact, clean solution to prevent kmalloc(0)
> situations from becoming a security hazard. Nothing else.
True, the changes in your patch only affect a few code paths.
--
All rights reversed.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2009-06-03 16:37 UTC|newest]
Thread overview: 114+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-30 19:28 [PATCH] Change ZERO_SIZE_PTR to point at unmapped space Larry H.
2009-05-30 19:28 ` Larry H.
2009-05-30 22:29 ` Linus Torvalds
2009-05-30 22:29 ` Linus Torvalds
2009-05-30 23:00 ` Larry H.
2009-05-30 23:00 ` Larry H.
2009-05-31 2:02 ` Linus Torvalds
2009-05-31 2:02 ` Linus Torvalds
2009-05-31 2:21 ` Larry H.
2009-05-31 2:21 ` Larry H.
2009-06-02 15:37 ` Christoph Lameter
2009-06-02 15:37 ` Christoph Lameter
2009-06-02 20:34 ` Larry H.
2009-06-02 20:34 ` Larry H.
2009-06-03 14:50 ` Security fix for remapping of page 0 (was [PATCH] Change ZERO_SIZE_PTR to point at unmapped space) Christoph Lameter
2009-06-03 14:50 ` Christoph Lameter
2009-06-03 15:07 ` Linus Torvalds
2009-06-03 15:07 ` Linus Torvalds
2009-06-03 15:23 ` Christoph Lameter
2009-06-03 15:23 ` Christoph Lameter
2009-06-03 15:38 ` Linus Torvalds
2009-06-03 15:38 ` Linus Torvalds
2009-06-03 16:14 ` Alan Cox
2009-06-03 16:14 ` Alan Cox
2009-06-03 16:19 ` Linus Torvalds
2009-06-03 16:19 ` Linus Torvalds
2009-06-03 16:24 ` Eric Paris
2009-06-03 16:24 ` Eric Paris
2009-06-03 16:22 ` Eric Paris
2009-06-03 16:22 ` Eric Paris
2009-06-03 16:28 ` Linus Torvalds
2009-06-03 16:28 ` Linus Torvalds
2009-06-03 16:32 ` Eric Paris
2009-06-03 16:32 ` Eric Paris
2009-06-03 16:44 ` Linus Torvalds
2009-06-03 16:44 ` Linus Torvalds
2009-06-03 15:11 ` Stephen Smalley
2009-06-03 15:11 ` Stephen Smalley
2009-06-03 15:41 ` Christoph Lameter
2009-06-03 15:41 ` Christoph Lameter
2009-06-03 16:18 ` Linus Torvalds
2009-06-03 16:18 ` Linus Torvalds
2009-06-03 16:28 ` Larry H.
2009-06-03 16:28 ` Larry H.
2009-06-03 16:36 ` Rik van Riel [this message]
2009-06-03 16:36 ` Rik van Riel
2009-06-03 16:47 ` Linus Torvalds
2009-06-03 16:47 ` Linus Torvalds
2009-06-03 17:16 ` Eric Paris
2009-06-03 17:16 ` Eric Paris
2009-06-03 17:28 ` Linus Torvalds
2009-06-03 17:28 ` Linus Torvalds
2009-06-03 17:31 ` Eric Paris
2009-06-03 17:31 ` Eric Paris
2009-06-03 17:24 ` Larry H.
2009-06-03 17:24 ` Larry H.
2009-06-03 17:21 ` Larry H.
2009-06-03 17:21 ` Larry H.
2009-06-03 22:52 ` James Morris
2009-06-03 22:52 ` James Morris
2009-06-03 17:29 ` Alan Cox
2009-06-03 17:29 ` Alan Cox
2009-06-03 17:35 ` Linus Torvalds
2009-06-03 17:35 ` Linus Torvalds
2009-06-03 18:00 ` Larry H.
2009-06-03 18:00 ` Larry H.
2009-06-03 18:12 ` Linus Torvalds
2009-06-03 18:12 ` Linus Torvalds
2009-06-03 18:39 ` Larry H.
2009-06-03 18:39 ` Larry H.
2009-06-03 18:45 ` Linus Torvalds
2009-06-03 18:45 ` Linus Torvalds
2009-06-03 18:50 ` Linus Torvalds
2009-06-03 18:50 ` Linus Torvalds
2009-06-03 18:59 ` Christoph Lameter
2009-06-03 18:59 ` Christoph Lameter
2009-06-03 19:11 ` Rik van Riel
2009-06-03 19:11 ` Rik van Riel
2009-06-03 19:14 ` Eric Paris
2009-06-03 19:14 ` Eric Paris
2009-06-03 19:42 ` Christoph Lameter
2009-06-03 19:42 ` Christoph Lameter
2009-06-03 19:51 ` Eric Paris
2009-06-03 19:51 ` Eric Paris
2009-06-03 20:04 ` Christoph Lameter
2009-06-03 20:04 ` Christoph Lameter
2009-06-03 20:16 ` Eric Paris
2009-06-03 20:16 ` Eric Paris
2009-06-03 20:36 ` Christoph Lameter
2009-06-03 20:36 ` Christoph Lameter
2009-06-03 21:20 ` Linus Torvalds
2009-06-03 21:20 ` Linus Torvalds
2009-06-04 2:41 ` James Morris
2009-06-04 2:41 ` James Morris
2009-06-03 19:21 ` Alan Cox
2009-06-03 19:21 ` Alan Cox
2009-06-03 19:45 ` Christoph Lameter
2009-06-03 19:45 ` Christoph Lameter
2009-06-03 21:07 ` Alan Cox
2009-06-03 21:07 ` Alan Cox
2009-06-03 19:27 ` Linus Torvalds
2009-06-03 19:27 ` Linus Torvalds
2009-06-03 19:50 ` Christoph Lameter
2009-06-03 19:50 ` Christoph Lameter
2009-06-03 20:00 ` pageexec
2009-06-03 20:00 ` pageexec
2009-06-03 19:41 ` pageexec
2009-06-03 19:41 ` pageexec
2009-06-07 10:29 ` Pavel Machek
2009-06-07 10:29 ` Pavel Machek
2009-05-30 22:32 ` [PATCH] Change ZERO_SIZE_PTR to point at unmapped space Peter Zijlstra
2009-05-30 22:32 ` Peter Zijlstra
2009-05-30 22:51 ` Larry H.
2009-05-30 22:51 ` Larry H.
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A26A689.1090300@redhat.com \
--to=riel@redhat.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=cl@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=pageexec@freemail.hu \
--cc=research@subreption.com \
--cc=sds@tycho.nsa.gov \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.