This is the 2.4 equivalent of the following 2.6 patch by Eric Paris:
ecaf18c15aac8bb9bed7b7aa0e382fe252e275d5
Given a specifically crafted binary do_brk() can be used to get low
pages available in userspace virtual memory and can thus be used to
circumvent the mmap_min_addr low memory protection. Add security checks
in do_brk().
Signed-off-by: Willy Tarreau <w@1wt.eu>
if ((addr + len) > TASK_SIZE || (addr + len) < addr)
return -EINVAL;
+ if (addr < mmap_min_addr && !capable(CAP_SYS_RAWIO))
+ return -ENOMEM;
+
/*
* mlock MCL_FUTURE?
*/
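Review bot: the added `addr < mmap_min_addr` test carries no comment, and it returns -ENOMEM where the range check directly above it returns -EINVAL. A short comment stating that this enforces the mmap_min_addr low-memory protection for mappings created through do_brk(), and that CAP_SYS_RAWIO is the intended override, would make both the errno choice and the capability obvious to later readers. Placement looks right: the test sits after the wrap and TASK_SIZE check, and because of the `&&`, capable() is only evaluated when the address is actually below the limit.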