06-04-2008, 04:11 PM
Kees Cook

valgrind partially broken by current hardy-proposed kernel?

On Wed, Jun 04, 2008 at 11:33:00AM -0400, Ben Collins wrote:
> On Wed, 2008-06-04 at 08:12 -0700, Kees Cook wrote:
> > On Wed, Jun 04, 2008 at 01:30:55PM +0100, Matthew Garrett wrote:
> > > On Mon, Jun 02, 2008 at 03:07:10PM -0700, Kees Cook wrote:
> > >
> > > > True, but the mmap_min_addr setting only affects MAP_FIXED, in which
> > > > you really want address 0. (And yes, that's valid, but not common.)
> > > > The common use-case of using NULL to just get an arbitrary mapping is done
> > > > without MAP_FIXED.
> > >
> > > vbetool needs to map address 0 with MAP_FIXED in order to get the IDT.
> >
> > Yes, but it (and usplash) run as root, which is exempt from this check.
> > (Wine and dosemu use this area as well, and for those use cases, people
> > have been advised to change the limit back to 0. For the default use-cases,
> > there is no problem.)
>
> So what danger is imposed by the non-root use case being able to mmap
> below 64k?

Since user-space and kernel-space share the same virtual memory maps, if
there is a future kernel bug that does dereferenced NULL-to-function
call junk again (there have been at least two in the past) the user can
first map the region, set up their own kernel functions, and then tweak
the bug[1].

Like some of the other hardening bits, it's a preventative measure.

-Kees

[1] http://www.phrack.com/issues.html?issue=64&id=6#article (see 2.1)

--
Kees Cook
Ubuntu Security Team

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
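
The check discussed in this thread, as an added example that is not part of the original message or of any Ubuntu code: it reads `vm.mmap_min_addr`, attempts a one-page `MAP_FIXED` mapping at address 0 (unmapped again immediately), and reports whether the limit is in effect for the calling user. The `judge` helper and the `verdict` names are hypothetical, and the root exemption mentioned above is approximated as effective UID 0.

```c
/* Added example: probe whether vm.mmap_min_addr blocks a MAP_FIXED page at 0. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum verdict { PROTECTED, EXEMPT, UNPROTECTED };

/* Read the sysctl value; -1 if the file is missing or unparsable. */
long read_mmap_min_addr(const char *path) {
    long v = -1;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (fscanf(f, "%ld", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* Map one page at a fixed address, unmap it at once; 0 on success, else errno. */
int try_fixed_map(unsigned long addr) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)addr, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) return errno;
    munmap(p, page);
    return 0;
}

/* Hypothetical helper: interpret the probe. "privileged" models the root
 * exemption mentioned in the thread (assumed here to be euid 0). */
enum verdict judge(long min_addr, int map_errno, int privileged) {
    if (map_errno != 0) return PROTECTED;          /* kernel refused page 0 */
    if (min_addr > 0 && privileged) return EXEMPT; /* limit set, caller exempt */
    return UNPROTECTED;                            /* page 0 is mappable */
}

int main(void) {
    static const char *names[] = { "protected", "exempt (root)", "unprotected" };
    long min_addr = read_mmap_min_addr("/proc/sys/vm/mmap_min_addr");
    int err = try_fixed_map(0);
    printf("vm.mmap_min_addr = %ld\n", min_addr);
    printf("MAP_FIXED at 0: %s\n", err ? strerror(err) : "succeeded");
    printf("verdict: %s\n", names[judge(min_addr, err, geteuid() == 0)]);
    return judge(min_addr, err, geteuid() == 0) == UNPROTECTED;
}
```

The exit status is non-zero only when page 0 is mappable without the exemption, so the program can be dropped into a hardening regression check.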