On Thu, Feb 14, 2008 at 11:09:52AM -0500, Eric Paris wrote: > Looks like rawhide kernels now have the CONFIG_SECURITY_MMAP_MIN_ADDR > Kconfig option. In the past I tried to get this enabled by default > using sysctl, a fedora kernel patch, and now I've got the Kconfig option > in the upstream kernel. Lets set this equal to 65536. I've been > running with this setting on my F8 laptop for some time and haven't seen > any problems (although I do know that dosemu may be an issue for both of > the people in the world who use it, there also may be some virt issues > that I don't know about but which can be very quickly and easily sorted > out) > > This sysctl hardens the kernel against null pointer bugs. Remember the > priv escalation that was all the news last weekend? Not an issue with > this enabled! > > http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/ I'm more concerned about wine than dosemu. That also uses vm86 afaik. Setting it to !0 on non-x86 builds sounds like it's a safe thing to do however. Dave -- http://www.codemonkey.org.uk _______________________________________________ Fedora-kernel-list mailing list Fedora-kernel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-kernel-list
