aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation/sysctl/vm.txt
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2007-06-28 15:55:21 -0400
committerJames Morris <jmorris@namei.org>2007-07-11 22:52:29 -0400
commited0321895182ffb6ecf210e066d87911b270d587 (patch)
tree832bb54666f73b06e55322df40f915c5e9ef64d7 /Documentation/sysctl/vm.txt
parent13bddc2e9d591e31bf20020dc19ea6ca85de420e (diff)
security: Protection for exploiting null dereference using mmap
Add a new security check on mmap operations to see if the user is attempting to mmap to low area of the address space. The amount of space protected is indicated by the new proc tunable /proc/sys/vm/mmap_min_addr and defaults to 0, preserving existing behavior. This patch uses a new SELinux security class "memprotect." Policy already contains a number of allow rules like a_t self:process * (unconfined_t being one of them) which mean that putting this check in the process class (its best current fit) would make it useless as all user processes, which we also want to protect against, would be allowed. By taking the memprotect name of the new class it will also make it possible for us to move some of the other memory protect permissions out of 'process' and into the new class next time we bump the policy version number (which I also think is a good future idea) Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'Documentation/sysctl/vm.txt')
-rw-r--r--Documentation/sysctl/vm.txt15
1 files changed, 15 insertions, 0 deletions
diff --git a/Documentation/sysctl/vm.txt b/Documentation/sysctl/vm.txt
index 1d192565e182..8cfca173d4bc 100644
--- a/Documentation/sysctl/vm.txt
+++ b/Documentation/sysctl/vm.txt
@@ -31,6 +31,7 @@ Currently, these files are in /proc/sys/vm:
31- min_unmapped_ratio 31- min_unmapped_ratio
32- min_slab_ratio 32- min_slab_ratio
33- panic_on_oom 33- panic_on_oom
34- mmap_min_address
34 35
35============================================================== 36==============================================================
36 37
@@ -216,3 +217,17 @@ above-mentioned.
216The default value is 0. 217The default value is 0.
2171 and 2 are for failover of clustering. Please select either 2181 and 2 are for failover of clustering. Please select either
218according to your policy of failover. 219according to your policy of failover.
220
221==============================================================
222
223mmap_min_addr
224
225This file indicates the amount of address space which a user process will
226be restricted from mmaping. Since kernel null dereference bugs could
227accidentally operate based on the information in the first couple of pages
228of memory userspace processes should not be allowed to write to them. By
229default this value is set to 0 and no protections will be enforced by the
230security module. Setting this value to something like 64k will allow the
231vast majority of applications to work correctly and provide defense in depth
232against future potential kernel bugs.
233