On 05/04/2010 05:45 PM, Andy Whitcroft wrote:
> A number of applications need to be able read mmap_min_addr in order to
> determine where they should map segments. The permissions on the proc file
> imply that read should be possible but read is prevented by capabilities.
> As it is possible for an attacker to determine the current setting by
> repeated attempts to map low pages pages there is no point protecting this
> The following patch has been submitted upstream and in the security-testing
> tree. Proposing this for Maverick and SRU to Lucid.
> Kees Cook (1):
> UBUNTU: SAUCE: mmap_min_addr check CAP_SYS_RAWIO only for write
> security/min_addr.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
Acked-by: Tim Gardner <firstname.lastname@example.org>
Tim Gardner email@example.com
kernel-team mailing list