A number of applications need to be able to read mmap_min_addr in order to
determine where they should map segments. The permissions on the proc file
imply that read should be possible but read is prevented by capabilities.
As it is possible for an attacker to determine the current setting by
repeated attempts to map low pages there is no point protecting this.

The following patch has been submitted upstream and in the security-testing
tree. Proposing this for Maverick and SRU to Lucid.

Kees Cook (1):
  UBUNTU: SAUCE: mmap_min_addr check CAP_SYS_RAWIO only for write
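
The application-side read described above, as an added example that is not part of the original message or the patch: it reads the sysctl, checks open() and read() separately because the read can be refused even though the file mode allows the open, and rounds the result up to a page boundary. The function names and the 65536 fallback are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Parse the decimal text the sysctl file returns, e.g. "65536\n". 0 on success. */
int parse_min_addr(const char *text, unsigned long *out)
{
    char *end;
    errno = 0;
    unsigned long v = strtoul(text, &end, 10);
    if (errno || end == text || (*end != '\n' && *end != '\0'))
        return -1;
    *out = v;
    return 0;
}

/* Lowest page-aligned address at or above min_addr (page is a power of two). */
unsigned long lowest_mappable(unsigned long min_addr, unsigned long page)
{
    return (min_addr + page - 1) & ~(page - 1);
}

/* The file mode lets any user open the sysctl, but read() can still be
 * refused by the capability check, so both steps are checked.
 * Returns 0 on success or a negative errno value. */
int read_min_addr(const char *path, unsigned long *out)
{
    char buf[32];
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -errno;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    int err = n < 0 ? errno : 0;
    close(fd);
    if (n < 0) return -err;
    buf[n] = '\0';
    return parse_min_addr(buf, out) ? -EINVAL : 0;
}

int main(void)
{
    unsigned long min, page = (unsigned long)sysconf(_SC_PAGESIZE);
    if (read_min_addr("/proc/sys/vm/mmap_min_addr", &min))
        min = 65536; /* assumed conservative fallback when the read is refused */
    printf("lowest mappable page: 0x%lx\n", lowest_mappable(min, page));
    return 0;
}
```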