Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Wed, Jan 02, 2008 at 06:26:07PM +0100, Jan Engelhardt wrote: > > On Jan 2 2008 12:09, Eric Paris wrote: > > > >So in the end we are all happy with the original patch I sent? > > > No objections at least :) I agree too. BTW, I've intentionally not merged it into 2.4, I prefer that admins deliberately set the sysctl on their servers than using a kernel in which they forgot it was enabled. But I agree that for wider use, the kernel option will help a lot. Regards, Willy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Jan 2 2008 12:09, Eric Paris wrote: > >So in the end we are all happy with the original patch I sent? > No objections at least :) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Fri, 2007-12-21 at 23:59 +0100, Jan Engelhardt wrote: > On Dec 21 2007 14:35, Greg KH wrote: > >> >> >I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is > >> >> >base 10 as well > >> >> > >> >> sysfs is autobase, i.e. echo "0xb000" >/sys/foo will Do The Right Thing. > >> > > >> >yes but if you cat /proc/sys/vm/mmap_min_addr, it returns in base 10. > >> > >> sysfs should probably be tuned to output it in a preferred base. > > > >Again, this is sysctl, not sysfs. two very different things... > > > Argh... :) Just shows that /proc is the wrong place for system variables. > > Well, module_params(integer) are autobase, and that's all I needed so > far :-D So in the end we are all happy with the original patch I sent? -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Fri, 2007-12-21 at 23:59 +0100, Jan Engelhardt wrote: On Dec 21 2007 14:35, Greg KH wrote: I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is base 10 as well sysfs is autobase, i.e. echo 0xb000 /sys/foo will Do The Right Thing. yes but if you cat /proc/sys/vm/mmap_min_addr, it returns in base 10. sysfs should probably be tuned to output it in a preferred base. Again, this is sysctl, not sysfs. two very different things... Argh... :) Just shows that /proc is the wrong place for system variables. Well, module_params(integer) are autobase, and that's all I needed so far :-D So in the end we are all happy with the original patch I sent? -Eric -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Jan 2 2008 12:09, Eric Paris wrote: So in the end we are all happy with the original patch I sent? No objections at least :) -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Wed, Jan 02, 2008 at 06:26:07PM +0100, Jan Engelhardt wrote: On Jan 2 2008 12:09, Eric Paris wrote: So in the end we are all happy with the original patch I sent? No objections at least :) I agree too. BTW, I've intentionally not merged it into 2.4, I prefer that admins deliberately set the sysctl on their servers than using a kernel in which they forgot it was enabled. But I agree that for wider use, the kernel option will help a lot. Regards, Willy -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Dec 21 2007 14:35, Greg KH wrote: >> >> >I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is >> >> >base 10 as well >> >> >> >> sysfs is autobase, i.e. echo "0xb000" >/sys/foo will Do The Right Thing. >> > >> >yes but if you cat /proc/sys/vm/mmap_min_addr, it returns in base 10. >> >> sysfs should probably be tuned to output it in a preferred base. > >Again, this is sysctl, not sysfs. two very different things... > Argh... :) Just shows that /proc is the wrong place for system variables. Well, module_params(integer) are autobase, and that's all I needed so far :-D -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Fri, Dec 21, 2007 at 11:04:19PM +0100, Jan Engelhardt wrote: > > On Dec 21 2007 22:16, Willy Tarreau wrote: > >Hi Jan, > > > >> >> >+config SECURITY_DEFAULT_MMAP_MIN_ADDR > >> >> >+int "Low address space to protect from user allocation" > >> >> > >> >> Hm, should not this be 'hex'? > >> > > >> >I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is > >> >base 10 as well > >> > >> sysfs is autobase, i.e. echo "0xb000" >/sys/foo will Do The Right Thing. > > > >yes but if you cat /proc/sys/vm/mmap_min_addr, it returns in base 10. > > sysfs should probably be tuned to output it in a preferred base. Again, this is sysctl, not sysfs. two very different things... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Fri, Dec 21, 2007 at 10:10:24PM +0100, Jan Engelhardt wrote: > > On Dec 21 2007 15:31, Eric Paris wrote: > >On Thu, 2007-12-20 at 00:29 +0100, Jan Engelhardt wrote: > >> On Dec 19 2007 16:59, Eric Paris wrote: > >> > > >> >+config SECURITY_DEFAULT_MMAP_MIN_ADDR > >> >+int "Low address space to protect from user allocation" > >> > >> Hm, should not this be 'hex'? > > > >I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is > >base 10 as well > > sysfs is autobase, i.e. echo "0xb000" >/sys/foo will Do The Right Thing. Hm, no, that is not sysfs doing this, and sysfs is not autobase in all places. That is sysctl (/proc/sys/), not sysfs. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Dec 21 2007 22:16, Willy Tarreau wrote: >Hi Jan, > >> >> >+config SECURITY_DEFAULT_MMAP_MIN_ADDR >> >> >+int "Low address space to protect from user allocation" >> >> >> >> Hm, should not this be 'hex'? >> > >> >I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is >> >base 10 as well >> >> sysfs is autobase, i.e. echo "0xb000" >/sys/foo will Do The Right Thing. > >yes but if you cat /proc/sys/vm/mmap_min_addr, it returns in base 10. sysfs should probably be tuned to output it in a preferred base. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
Hi Jan, On Fri, Dec 21, 2007 at 10:10:24PM +0100, Jan Engelhardt wrote: > > On Dec 21 2007 15:31, Eric Paris wrote: > >On Thu, 2007-12-20 at 00:29 +0100, Jan Engelhardt wrote: > >> On Dec 19 2007 16:59, Eric Paris wrote: > >> > > >> >+config SECURITY_DEFAULT_MMAP_MIN_ADDR > >> >+int "Low address space to protect from user allocation" > >> > >> Hm, should not this be 'hex'? > > > >I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is > >base 10 as well > > sysfs is autobase, i.e. echo "0xb000" >/sys/foo will Do The Right Thing. yes but if you cat /proc/sys/vm/mmap_min_addr, it returns in base 10. While most of us have no problem doing an instant conversion, many people will find it painful to convert the output of cat before copying it into their .config. I'm generally for hex, but here I'd prefer to stay with the in-place format which is already decimal. And as you said, people can still write the hex value into /proc/sys if they want to. Regards, Willy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Dec 21 2007 15:31, Eric Paris wrote: >On Thu, 2007-12-20 at 00:29 +0100, Jan Engelhardt wrote: >> On Dec 19 2007 16:59, Eric Paris wrote: >> > >> >+config SECURITY_DEFAULT_MMAP_MIN_ADDR >> >+int "Low address space to protect from user allocation" >> >> Hm, should not this be 'hex'? > >I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is >base 10 as well sysfs is autobase, i.e. echo "0xb000" >/sys/foo will Do The Right Thing. >so I figured consistency was a good thing. Do you have >strong feelings? I guess so since you posted about it. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Thu, 2007-12-20 at 00:29 +0100, Jan Engelhardt wrote: > On Dec 19 2007 16:59, Eric Paris wrote: > > > >+config SECURITY_DEFAULT_MMAP_MIN_ADDR > >+int "Low address space to protect from user allocation" > > Hm, should not this be 'hex'? I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is base 10 as well so I figured consistency was a good thing. Do you have strong feelings? I guess so since you posted about it. -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Thu, 2007-12-20 at 00:29 +0100, Jan Engelhardt wrote: On Dec 19 2007 16:59, Eric Paris wrote: +config SECURITY_DEFAULT_MMAP_MIN_ADDR +int Low address space to protect from user allocation Hm, should not this be 'hex'? I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is base 10 as well so I figured consistency was a good thing. Do you have strong feelings? I guess so since you posted about it. -Eric -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Dec 21 2007 15:31, Eric Paris wrote: On Thu, 2007-12-20 at 00:29 +0100, Jan Engelhardt wrote: On Dec 19 2007 16:59, Eric Paris wrote: +config SECURITY_DEFAULT_MMAP_MIN_ADDR +int Low address space to protect from user allocation Hm, should not this be 'hex'? I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is base 10 as well sysfs is autobase, i.e. echo 0xb000 /sys/foo will Do The Right Thing. so I figured consistency was a good thing. Do you have strong feelings? I guess so since you posted about it. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
Hi Jan, On Fri, Dec 21, 2007 at 10:10:24PM +0100, Jan Engelhardt wrote: On Dec 21 2007 15:31, Eric Paris wrote: On Thu, 2007-12-20 at 00:29 +0100, Jan Engelhardt wrote: On Dec 19 2007 16:59, Eric Paris wrote: +config SECURITY_DEFAULT_MMAP_MIN_ADDR +int Low address space to protect from user allocation Hm, should not this be 'hex'? I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is base 10 as well sysfs is autobase, i.e. echo 0xb000 /sys/foo will Do The Right Thing. yes but if you cat /proc/sys/vm/mmap_min_addr, it returns in base 10. While most of us have no problem doing an instant conversion, many people will find it painful to convert the output of cat before copying it into their .config. I'm generally for hex, but here I'd prefer to stay with the in-place format which is already decimal. And as you said, people can still write the hex value into /proc/sys if they want to. Regards, Willy -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Dec 21 2007 14:35, Greg KH wrote: I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is base 10 as well sysfs is autobase, i.e. echo 0xb000 /sys/foo will Do The Right Thing. yes but if you cat /proc/sys/vm/mmap_min_addr, it returns in base 10. sysfs should probably be tuned to output it in a preferred base. Again, this is sysctl, not sysfs. two very different things... Argh... :) Just shows that /proc is the wrong place for system variables. Well, module_params(integer) are autobase, and that's all I needed so far :-D -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Fri, Dec 21, 2007 at 10:10:24PM +0100, Jan Engelhardt wrote: On Dec 21 2007 15:31, Eric Paris wrote: On Thu, 2007-12-20 at 00:29 +0100, Jan Engelhardt wrote: On Dec 19 2007 16:59, Eric Paris wrote: +config SECURITY_DEFAULT_MMAP_MIN_ADDR +int Low address space to protect from user allocation Hm, should not this be 'hex'? I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is base 10 as well sysfs is autobase, i.e. echo 0xb000 /sys/foo will Do The Right Thing. Hm, no, that is not sysfs doing this, and sysfs is not autobase in all places. That is sysctl (/proc/sys/), not sysfs. thanks, greg k-h -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Dec 21 2007 22:16, Willy Tarreau wrote: Hi Jan, +config SECURITY_DEFAULT_MMAP_MIN_ADDR +int Low address space to protect from user allocation Hm, should not this be 'hex'? I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is base 10 as well sysfs is autobase, i.e. echo 0xb000 /sys/foo will Do The Right Thing. yes but if you cat /proc/sys/vm/mmap_min_addr, it returns in base 10. sysfs should probably be tuned to output it in a preferred base. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Fri, Dec 21, 2007 at 11:04:19PM +0100, Jan Engelhardt wrote: On Dec 21 2007 22:16, Willy Tarreau wrote: Hi Jan, +config SECURITY_DEFAULT_MMAP_MIN_ADDR +int Low address space to protect from user allocation Hm, should not this be 'hex'? I guess it could be, but the input for /proc/sys/vm/mmap_min_addr is base 10 as well sysfs is autobase, i.e. echo 0xb000 /sys/foo will Do The Right Thing. yes but if you cat /proc/sys/vm/mmap_min_addr, it returns in base 10. sysfs should probably be tuned to output it in a preferred base. Again, this is sysctl, not sysfs. two very different things... -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Dec 19 2007 16:59, Eric Paris wrote: > >+config SECURITY_DEFAULT_MMAP_MIN_ADDR >+int "Low address space to protect from user allocation" Hm, should not this be 'hex'? >+depends on SECURITY >+default 0 >+help -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Allow Kconfig to set default mmap_min_addr protection
Since it was decided that low memory protection from userspace couldn't
be turned on by default add a Kconfig option to allow users/distros to
set a default at compile time. This value is still tunable after boot
in /proc/sys/vm/mmap_min_addr
Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
---
security/Kconfig| 18 ++
security/security.c |4 +++-
2 files changed, 21 insertions(+), 1 deletions(-)
diff --git a/security/Kconfig b/security/Kconfig
index 8086e61..10c9e40 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -103,6 +103,24 @@ config SECURITY_ROOTPLUG
If you are unsure how to answer this question, answer N.
+config SECURITY_DEFAULT_MMAP_MIN_ADDR
+int "Low address space to protect from user allocation"
+depends on SECURITY
+default 0
+help
+ This is the portion of low virtual memory which should be protected
+ from userspace allocation. Keeping a user from writing to low pages
+ can help reduce the impact of kernel NULL pointer bugs.
+
+ For most users with lots of address space a value of 65536 is
+ reasonable and should cause no problems. Programs which use vm86
+ functionality would either need additional permissions from either
+ the LSM or the capabilities module or have this protection disabled.
+
+ This value can be changed after boot using the
+ /proc/sys/vm/mmap_min_addr tunable.
+
+
source security/selinux/Kconfig
endmenu
diff --git a/security/security.c b/security/security.c
index 0e1f1f1..c784726 100644
--- a/security/security.c
+++ b/security/security.c
@@ -23,7 +23,9 @@ extern struct security_operations dummy_security_ops;
extern void security_fixup_ops(struct security_operations *ops);
struct security_operations *security_ops; /* Initialized to NULL */
-unsigned long mmap_min_addr; /* 0 means no protection */
+
+/* amount of vm to protect from userspace access */
+unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
static inline int verify(struct security_operations *ops)
{
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Allow Kconfig to set default mmap_min_addr protection
Since it was decided that low memory protection from userspace couldn't
be turned on by default add a Kconfig option to allow users/distros to
set a default at compile time. This value is still tunable after boot
in /proc/sys/vm/mmap_min_addr
Signed-off-by: Eric Paris [EMAIL PROTECTED]
---
security/Kconfig| 18 ++
security/security.c |4 +++-
2 files changed, 21 insertions(+), 1 deletions(-)
diff --git a/security/Kconfig b/security/Kconfig
index 8086e61..10c9e40 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -103,6 +103,24 @@ config SECURITY_ROOTPLUG
If you are unsure how to answer this question, answer N.
+config SECURITY_DEFAULT_MMAP_MIN_ADDR
+int Low address space to protect from user allocation
+depends on SECURITY
+default 0
+help
+ This is the portion of low virtual memory which should be protected
+ from userspace allocation. Keeping a user from writing to low pages
+ can help reduce the impact of kernel NULL pointer bugs.
+
+ For most users with lots of address space a value of 65536 is
+ reasonable and should cause no problems. Programs which use vm86
+ functionality would either need additional permissions from either
+ the LSM or the capabilities module or have this protection disabled.
+
+ This value can be changed after boot using the
+ /proc/sys/vm/mmap_min_addr tunable.
+
+
source security/selinux/Kconfig
endmenu
diff --git a/security/security.c b/security/security.c
index 0e1f1f1..c784726 100644
--- a/security/security.c
+++ b/security/security.c
@@ -23,7 +23,9 @@ extern struct security_operations dummy_security_ops;
extern void security_fixup_ops(struct security_operations *ops);
struct security_operations *security_ops; /* Initialized to NULL */
-unsigned long mmap_min_addr; /* 0 means no protection */
+
+/* amount of vm to protect from userspace access */
+unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
static inline int verify(struct security_operations *ops)
{
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Allow Kconfig to set default mmap_min_addr protection
On Dec 19 2007 16:59, Eric Paris wrote: +config SECURITY_DEFAULT_MMAP_MIN_ADDR +int Low address space to protect from user allocation Hm, should not this be 'hex'? +depends on SECURITY +default 0 +help -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
