[PATCH 0/1] [Maverick, Lucid SRU] LP#568844 -- allow reading of /proc/mmap_min_addr

Andy Whitcroft apw at canonical.com
Tue May 4 16:45:39 UTC 2010

A number of applications need to be able read mmap_min_addr in order to
determine where they should map segments.  The permissions on the proc file
imply that read should be possible but read is prevented by capabilities.
As it is possible for an attacker to determine the current setting by
repeated attempts to map low pages pages there is no point protecting this

The following patch has been submitted upstream and in the security-testing
tree.  Proposing this for Maverick and SRU to Lucid.


Kees Cook (1):
  UBUNTU: SAUCE: mmap_min_addr check CAP_SYS_RAWIO only for write

 security/min_addr.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

More information about the kernel-team mailing list