security: use mmap_min_addr indepedently of security models

This patch removes the dependency of mmap_min_addr on CONFIG_SECURITY. It also sets a default mmap_min_addr of 4096. mmapping of addresses below 4096 will only be possible for processes with CAP_SYS_RAWIO. Signed-off-by: Christoph Lameter <cl@linux-foundation.org> Acked-by: Eric Paris <eparis@redhat.com> Looks-ok-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: James Morris <jmorris@namei.org>
author: Christoph Lameter <cl@linux-foundation.org> 2009-06-03 16:04:31 -0400
committer: James Morris <jmorris@namei.org> 2009-06-03 22:07:48 -0400
commit: e0a94c2a63f2644826069044649669b5e7ca75d3 (patch)
tree: debf8a9af6ac23dadd116dc1cd1f9dcefe9629c6 /security
parent: 7d2948b1248109dbc7f4aaf9867c54b1912d494c (diff)
2 files changed, 1 insertions, 24 deletions
diff --git a/security/Kconfig b/security/Kconfig
index bb244774e9d7..d23c839038f0 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -110,28 +110,8 @@ config SECURITY_ROOTPLUG
          See <http://www.linuxjournal.com/article.php?sid=6279> for
          more information about this module.
-          
-          If you are unsure how to answer this question, answer N.
-config SECURITY_DEFAULT_MMAP_MIN_ADDR
-        int "Low address space to protect from user allocation"
-        depends on SECURITY
-        default 0
-        help
-          This is the portion of low virtual memory which should be protected
-          from userspace allocation.  Keeping a user from writing to low pages
-          can help reduce the impact of kernel NULL pointer bugs.
-          For most ia64, ppc64 and x86 users with lots of address space
-          a value of 65536 is reasonable and should cause no problems.
-          On arm and other archs it should not be higher than 32768.
-          Programs which use vm86 functionality would either need additional
-          permissions from either the LSM or the capabilities module or have
-          this protection disabled.
-          This value can be changed after boot using the
-          /proc/sys/vm/mmap_min_addr tunable.
+          If you are unsure how to answer this question, answer N.
 source security/selinux/Kconfig
 source security/smack/Kconfig
diff --git a/security/security.c b/security/security.c
index 5284255c5cdf..dc7674fbfc7a 100644
--- a/security/security.c
+++ b/security/security.c
@@ -26,9 +26,6 @@ extern void security_fixup_ops(struct security_operations *ops);
 struct security_operations *security_ops;       /* Initialized to NULL */
-/* amount of vm to protect from userspace access */
-unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
 static inline int verify(struct security_operations *ops)
 {
        /* verify the security_operations structure exists */
author	Christoph Lameter <cl@linux-foundation.org>	2009-06-03 16:04:31 -0400
committer	James Morris <jmorris@namei.org>	2009-06-03 22:07:48 -0400
commit	e0a94c2a63f2644826069044649669b5e7ca75d3 (patch)
tree	debf8a9af6ac23dadd116dc1cd1f9dcefe9629c6 /security
parent	7d2948b1248109dbc7f4aaf9867c54b1912d494c (diff)

diff --git a/security/Kconfig b/security/Kconfig index bb244774e9d7..d23c839038f0 100644 --- a/security/Kconfig +++ b/security/Kconfig
@@ -110,28 +110,8 @@ config SECURITY_ROOTPLUG
110		110
111	See <http://www.linuxjournal.com/article.php?sid=6279> for	111	See <http://www.linuxjournal.com/article.php?sid=6279> for
112	more information about this module.	112	more information about this module.
113
114	If you are unsure how to answer this question, answer N.
115
116	config SECURITY_DEFAULT_MMAP_MIN_ADDR
117	int "Low address space to protect from user allocation"
118	depends on SECURITY
119	default 0
120	help
121	This is the portion of low virtual memory which should be protected
122	from userspace allocation. Keeping a user from writing to low pages
123	can help reduce the impact of kernel NULL pointer bugs.
124
125	For most ia64, ppc64 and x86 users with lots of address space
126	a value of 65536 is reasonable and should cause no problems.
127	On arm and other archs it should not be higher than 32768.
128	Programs which use vm86 functionality would either need additional
129	permissions from either the LSM or the capabilities module or have
130	this protection disabled.
131
132	This value can be changed after boot using the
133	/proc/sys/vm/mmap_min_addr tunable.
134		113
		114	If you are unsure how to answer this question, answer N.
135		115
136	source security/selinux/Kconfig	116	source security/selinux/Kconfig
137	source security/smack/Kconfig	117	source security/smack/Kconfig


diff --git a/security/security.c b/security/security.c index 5284255c5cdf..dc7674fbfc7a 100644 --- a/security/security.c +++ b/security/security.c
@@ -26,9 +26,6 @@ extern void security_fixup_ops(struct security_operations *ops);
26		26
27	struct security_operations security_ops; / Initialized to NULL */	27	struct security_operations security_ops; / Initialized to NULL */
28		28
29	/* amount of vm to protect from userspace access */
30	unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
31
32	static inline int verify(struct security_operations *ops)	29	static inline int verify(struct security_operations *ops)
33	{	30	{
34	/* verify the security_operations structure exists */	31	/* verify the security_operations structure exists */