Hi, Le samedi 21 septembre 2013 à 18:55 +0530, Ravi Teja a écrit : > I tried mmap'ing to address zero after > setting /proc/sys/vm/mmap_min_addr to 0, but mmap is giving Permission > Denied error. > Le vendredi 28 février 2014 à 07:39 +0000, Dongyan Yang a écrit : > I've got the same problem as you. I've set mmap_min_addr as 0 and when I > intentionally use MAP_FIXED to mmap to 0x00000000. I've got error > "Permission Denied". > Too many reason why you're denied from mapping a page at 0x0. - /proc/sys/vm/mmap_min_addr, but you already enable it sysctl -w vm.mmap_min_addr=0 - capabilities: your process need to have CAP_SYS_RAWIO running it at root is likely to give the aforementioned capability. - SELinux: you're running your process in a context that deny mapping page 0 check with: getselinux mmap_low_allowed temporary allow with: setselinux mmap_low_allowed=on But allowing mapping page 0 is widening exposure to null pointer dereferences exploit. You should think very carefully before allowing such. "Bypassing Linux' NULL pointer dereference exploit prevention (mmap_min_addr)", Friday, June 26, 2009, Julien Tinnes http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html "Fun with NULL pointers, part 1" , Jonathan Corbet, July 20, 2009 http://lwn.net/Articles/342330/ "Fun with NULL pointers, part 2" By Jonathan Corbet, July 21, 2009 http://lwn.net/Articles/342420/ "mmap_min_addr on SELinux and non-SELinux systems", Eric Paris, July 21st, 2009 http://eparis.livejournal.com/606.html "Confining the unconfined. Oxymoron?", Dan Walsh, July 21st, 2009 http://danwalsh.livejournal.com/30084.html "Bug 511143 - selinux policy allows addr 0 mappings by default", July 13, 2009 https://bugzilla.redhat.com/show_bug.cgi?id=511143 "Security-Enhanced Linux (SELinux) policy and the mmap_min_addr protection (CVE-2009-2695)" https://access.redhat.com/site/articles/17995 "How do I mitigate against NULL pointer dereference vulnerabilities?" https://access.redhat.com/site/articles/20484 "SELinux hardening for mmap_min_addr protections" Eric Paris August 26th, 2009 http://eparis.livejournal.com/891.html "Much ado about NULL: Exploiting a kernel NULL dereference" By Nelson Elhage on Apr 12, 2010 https://blogs.oracle.com/ksplice/entry/much_ado_about_null_exploiting1 Regards. -- Yann Droneaud OPTEYA _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
