Skip to content

Commit

Permalink
mmap_min_addr check CAP_SYS_RAWIO only for write
Browse files Browse the repository at this point in the history 
commit 4ae69e6 upstream.

Redirecting directly to lsm, here's the patch discussed on lkml:
http://lkml.org/lkml/2010/4/22/219

The mmap_min_addr value is useful information for an admin to see without
being root ("is my system vulnerable to kernel NULL pointer attacks?") and
its setting is trivially easy for an attacker to determine by calling
mmap() in PAGE_SIZE increments starting at 0, so trying to keep it private
has no value.

Only require CAP_SYS_RAWIO if changing the value, not reading it.

Comment from Serge :

  Me, I like to write my passwords with light blue pen on dark blue
  paper, pasted on my window - if you're going to get my password, you're
  gonna get a headache.

Signed-off-by: Kees Cook <kees.cook@canonical.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
(cherry picked from commit 822ccee)
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  • Loading branch information
Kees Cook authored and Greg Kroah-Hartman committed May 26, 2010
1 parent 5e54866 commit 4e0a098
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion security/min_addr.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ int mmap_min_addr_handler(struct ctl_table *table, int write,
{
int ret;

if (!capable(CAP_SYS_RAWIO))
if (write && !capable(CAP_SYS_RAWIO))
return -EPERM;

ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
Expand Down

0 comments on commit 4e0a098

Please sign in to comment.