Eric Paris wrote:
> I'd like to see the fedora kernel enable the null pointer hardening work
> I did upstream by default.
>
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ed0321895182ffb6ecf210e066d87911b270d587
>
> Upstream refused to turn it on as it is known to break non-root users of
> dosemu and they felt very strongly that not one user could break. It
> can be easily disabled with an entry in sysctl.conf for any such users.
> Certainly turning this on is something we would want to release note in
> F9 (which I don't know the process to do)
>
> This must not be applied to F8 until at least after the rebase to 2.6.24
> as the 2.6.23 implementation of my hardening work is known buggy and
> causes unneeded issues.
>
> Would anyone have a problem carrying this patch in fedora? This would
> be a forever fedora'ism.

Couldn't this default value be a kernel config option?
(CONFIG_DEFAULT_MMAP_MIN_ADDR) or something less verbose...

-Eric

> --- > > security/security.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/security/security.c b/security/security.c > index 0e1f1f1..61787bb 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -23,7 +23,7 @@ extern struct security_operations dummy_security_ops; > extern void security_fixup_ops(struct security_operations *ops); > > struct security_operations *security_ops; /* Initialized to NULL */ > -unsigned long mmap_min_addr; /* 0 means no protection */ > +unsigned long mmap_min_addr = 65536; /* protect first 64k */ > > static inline int verify(struct security_operations *ops) > {

_______________________________________________
Fedora-kernel-list mailing list
Fedora-kernel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-kernel-list
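Review bot: the replaced declaration of `mmap_min_addr` in security/security.c drops the only in-code statement that 0 means no protection, and the new default is a bare literal, `65536`. Users who need the sysctl.conf override mentioned in the message still depend on the zero-disables behaviour, so the comment should keep that fact alongside the new default, for example `/* protect first 64k; 0 means no protection */`. Writing the value as `64 * 1024` or behind a named constant (or the config option proposed in the reply) would also make the chosen limit easier to find and to change in one place.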