1. 14 May, 2010 1 commit
    • Kees Cook's avatar
      mmap_min_addr check CAP_SYS_RAWIO only for write · 4ae69e6b
      Kees Cook authored
      Redirecting directly to lsm, here's the patch discussed on lkml:
      http://lkml.org/lkml/2010/4/22/219
      
      The mmap_min_addr value is useful information for an admin to see without
      being root ("is my system vulnerable to kernel NULL pointer attacks?") and
      its setting is trivially easy for an attacker to determine by calling
      mmap() in PAGE_SIZE increments starting at 0, so trying to keep it private
      has no value.
      
      Only require CAP_SYS_RAWIO if changing the value, not reading it.
      
      Comment from Serge :
      
        Me, I like to write my passwords with light blue pen on dark blue
        paper, pasted on my window - if you're going to get my password, you're
        gonna get a headache.
      Signed-off-by: default avatarKees Cook <kees.cook@canonical.com>
      Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      (cherry picked from commit 822cceec7248013821d655545ea45d1c6a9d15b3)
      4ae69e6b
  2. 13 May, 2010 27 commits
  3. 12 May, 2010 12 commits