[PATCH 0/1] [Maverick, Lucid SRU] LP#568844 -- allow reading of /proc/mmap_min_addr
Andy Whitcroft
apw at canonical.com
Tue May 4 16:45:39 UTC 2010
A number of applications need to be able read mmap_min_addr in order to
determine where they should map segments. The permissions on the proc file
imply that read should be possible but read is prevented by capabilities.
As it is possible for an attacker to determine the current setting by
repeated attempts to map low pages pages there is no point protecting this
information.
The following patch has been submitted upstream and in the security-testing
tree. Proposing this for Maverick and SRU to Lucid.
-apw
Kees Cook (1):
UBUNTU: SAUCE: mmap_min_addr check CAP_SYS_RAWIO only for write
security/min_addr.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
More information about the kernel-team
mailing list