OSDN Git Service
[PATCH] sysctl to prevent normal processes from mapping NULL
After a patch proposal from Solar Designer, and discussions with
Alan Cox and Chris Wright, I modeled this patch which permits to
restrict mapping of lower virtual addresses to CAP_RAW_IO capable
processes only.
This makes it harder for processes to try to exploit NULL pointer
dereference bugs in the kernel.
In order to ease transition from 2.4 to 2.6, the patch has also
been inspired by Eric Paris's patch now present in 2.6, which
adds the sys/vm/mmap_min_addr sysctl by which the lowest mappable
address is set. This sysctl defaults to zero, meaning NULL is
allowed by default.
According to test ran by Solar Designer, both Xorg and Wine run
correctly as a normal user with the restriction enabled. There
should be very few regressions when enabling it, and it is
recommended to enable it on servers after the obviously needed
validation.
Alan points that some rare programs use a trick consisting in
mapping this page in order to reduce the number of NULL checks
in linked lists for instance.
Signed-off-by: Willy Tarreau <w@1wt.eu>
OSDN Git Service
