I'd like to see the fedora kernel enable the null pointer hardening work I did upstream by default. http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ed0321895182ffb6ecf210e066d87911b270d587 Upstream refused to turn it on as it is known to break non-root users of dosemu and they felt very strongly that not one user could break. It can be easily disabled with an entry in sysctl.conf for any such users. Certainly turning this on is something we would want to release note in F9 (which I don't know the process to do) This must not be applied to F8 until at least after the rebase to 2.6.24 as the 2.6.23 implementation of my hardening work is known buggy and causes unneeded issues. Would anyone have a problem carrying this patch in fedora? This would be a forever fedora'ism. --- security/security.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/security/security.c b/security/security.c index 0e1f1f1..61787bb 100644 --- a/security/security.c +++ b/security/security.c @@ -23,7 +23,7 @@ extern struct security_operations dummy_security_ops; extern void security_fixup_ops(struct security_operations *ops); struct security_operations *security_ops; /* Initialized to NULL */ -unsigned long mmap_min_addr; /* 0 means no protection */ +unsigned long mmap_min_addr = 65536; /* protect first 64k */ static inline int verify(struct security_operations *ops) { _______________________________________________ Fedora-kernel-list mailing list Fedora-kernel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-kernel-list
