enable null pointer hardening by default

Eric Paris eparis at redhat.com
Thu Dec 13 16:28:44 UTC 2007


On Thu, 2007-12-13 at 10:07 -0600, Eric Sandeen wrote:
> Eric Paris wrote:
> > I'd like to see the fedora kernel enable the null pointer hardening work
> > I did upstream by default.
> > 
> > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ed0321895182ffb6ecf210e066d87911b270d587
> > 
> > Upstream refused to turn it on as it is known to break non-root users of
> > dosemu and they felt very strongly that not one user could break.  It
> > can be easily disabled with an entry in sysctl.conf for any such users.
> > Certainly turning this on is something we would want to release note in
> > F9 (which I don't know the process to do)
> > 
> > This must not be applied to F8 until at least after the rebase to 2.6.24
> > as the 2.6.23 implementation of my hardening work is known buggy and
> > causes unneeded issues.
> > 
> > Would anyone have a problem carrying this patch in fedora?  This would
> > be a forever fedora'ism.
> 
> Couldn't this default value be a kernel config option?
> (CONFIG_DEFAULT_MMAP_MIN_ADDR) or something less verbose...

Sounds like a better idea to me.  I'll push something like that
upstream.  And when you see it in a distro near you, let's turn it on!

-Eric




More information about the Fedora-kernel-list mailing list