enable null pointer hardening by default

Eric Paris eparis at redhat.com
Thu Dec 13 15:58:38 UTC 2007


I'd like to see the fedora kernel enable the null pointer hardening work
I did upstream by default.

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ed0321895182ffb6ecf210e066d87911b270d587

Upstream refused to turn it on as it is known to break non-root users of
dosemu and they felt very strongly that not one user could break.  It
can be easily disabled with an entry in sysctl.conf for any such users.
Certainly turning this on is something we would want to release note in
F9 (which I don't know the process to do).

This must not be applied to F8 until at least after the rebase to 2.6.24
as the 2.6.23 implementation of my hardening work is known buggy and
causes unneeded issues.

Would anyone have a problem carrying this patch in fedora?  This would
be a forever fedora'ism.

---

 security/security.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/security/security.c b/security/security.c
index 0e1f1f1..61787bb 100644
--- a/security/security.c
+++ b/security/security.c
@@ -23,7 +23,7 @@ extern struct security_operations dummy_security_ops;
 extern void security_fixup_ops(struct security_operations *ops);
 
 struct security_operations *security_ops;	/* Initialized to NULL */
-unsigned long mmap_min_addr;		/* 0 means no protection */
+unsigned long mmap_min_addr = 65536;		/* protect first 64k */
 
 static inline int verify(struct security_operations *ops)
 {
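
Review bot: The new initializer on `mmap_min_addr` replaces the comment `/* 0 means no protection */`, so the source no longer documents that 0 switches the check off, which is presumably what the sysctl.conf override mentioned in the message relies on. Keep both facts in the comment, for example `/* protect first 64k; 0 means no protection */`. The literal 65536 is also hard-coded in security.c; taking the default from a build-time config option would let the distribution config carry the value instead of a source patch that has to be carried forever.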




