Looks like rawhide kernels now have the CONFIG_SECURITY_MMAP_MIN_ADDR Kconfig option. In the past I tried to get this enabled by default using sysctl, a fedora kernel patch, and now I've got the Kconfig option in the upstream kernel. Lets set this equal to 65536. I've been running with this setting on my F8 laptop for some time and haven't seen any problems (although I do know that dosemu may be an issue for both of the people in the world who use it, there also may be some virt issues that I don't know about but which can be very quickly and easily sorted out) This sysctl hardens the kernel against null pointer bugs. Remember the priv escalation that was all the news last weekend? Not an issue with this enabled! http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/ -Eric _______________________________________________ Fedora-kernel-list mailing list Fedora-kernel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-kernel-list
