14 May, 2010

1 commit

• 4ae69e6b7   mmap_min_addr check CAP_SYS_RAWIO only for write ... Browse Code »

  Redirecting directly to lsm, here's the patch discussed on lkml:
  http://lkml.org/lkml/2010/4/22/219

  The mmap_min_addr value is useful information for an admin to see without
  being root ("is my system vulnerable to kernel NULL pointer attacks?") and
  its setting is trivially easy for an attacker to determine by calling
  mmap() in PAGE_SIZE increments starting at 0, so trying to keep it private
  has no value.

  Only require CAP_SYS_RAWIO if changing the value, not reading it.

  Comment from Serge :

  Me, I like to write my passwords with light blue pen on dark blue
  paper, pasted on my window - if you're going to get my password, you're
  gonna get a headache.

  Signed-off-by: Kees Cook
  Acked-by: Serge Hallyn
  Signed-off-by: James Morris
  (cherry picked from commit 822cceec7248013821d655545ea45d1c6a9d15b3)

  Kees Cook

  2010-05-14 17:03:15 +0800  

17 Dec, 2009

1 commit

• dd880fbe8   security/min_addr.c: make init_mmap_min_addr() static ... Browse Code »

  init_mmap_min_addr() is a pure_initcall and should be static.

  Signed-off-by: H Hartley Sweeten
  Signed-off-by: Andrew Morton
  Signed-off-by: James Morris

  H Hartley Sweeten

  2009-12-17 06:24:22 +0800  

09 Nov, 2009

1 commit

• 0e1a6ef2d   sysctl: require CAP_SYS_RAWIO to set mmap_min_addr ... Browse Code »

  Currently the mmap_min_addr value can only be bypassed during mmap when
  the task has CAP_SYS_RAWIO. However, the mmap_min_addr sysctl value itself
  can be adjusted to 0 if euid == 0, allowing a bypass without CAP_SYS_RAWIO.
  This patch adds a check for the capability before allowing mmap_min_addr to
  be changed.

  Signed-off-by: Kees Cook
  Acked-by: Serge Hallyn
  Signed-off-by: James Morris

  Kees Cook

  2009-11-09 05:34:22 +0800  

24 Sep, 2009

1 commit

• 8d65af789   sysctl: remove "struct file *" argument of ->proc_handler ... Browse Code »

  It's unused.

  It isn't needed -- read or write flag is already passed and sysctl
  shouldn't care about the rest.

  It _was_ used in two places at arch/frv for some reason.

  Signed-off-by: Alexey Dobriyan
  Cc: David Howells
  Cc: "Eric W. Biederman"
  Cc: Al Viro
  Cc: Ralf Baechle
  Cc: Martin Schwidefsky
  Cc: Ingo Molnar
  Cc: "David S. Miller"
  Cc: James Morris
  Signed-off-by: Andrew Morton
  Signed-off-by: Linus Torvalds

  Alexey Dobriyan

  2009-09-24 22:21:04 +0800  

17 Aug, 2009

1 commit

• 788084aba   Security/SELinux: seperate lsm specific mmap_min_addr ... Browse Code »

  Currently SELinux enforcement of controls on the ability to map low memory
  is determined by the mmap_min_addr tunable. This patch causes SELinux to
  ignore the tunable and instead use a seperate Kconfig option specific to how
  much space the LSM should protect.

  The tunable will now only control the need for CAP_SYS_RAWIO and SELinux
  permissions will always protect the amount of low memory designated by
  CONFIG_LSM_MMAP_MIN_ADDR.

  This allows users who need to disable the mmap_min_addr controls (usual reason
  being they run WINE as a non-root user) to do so and still have SELinux
  controls preventing confined domains (like a web server) from being able to
  map some area of low memory.

  Signed-off-by: Eric Paris
  Signed-off-by: James Morris

  Eric Paris

  2009-08-17 13:09:11 +0800