Re: mmap_min_addr/SECURITY_DEFAULT_MMAP_MIN_ADDR suggested values

On Mon, 23 Jun 2008 14:53:37 +0100
"Dr. David Alan Gilbert" <linux@xxxxxxxxxxx> wrote:

Hi,
The config help for SECURITY_DEFAULT_MMAP_MIN_ADDR suggests 65536
as a 'reasonable' value for x86 and the original mmap_min_addr
patches suggested that 'something like 64k' was a safe value that
wouldn't affect most programs.

Where does this 64k value come from? A number of distros seem
to have followed this advice and have it set to 64k; but is there
really any likely benefit of having it larger than PAGE_SIZE say?

there's a few things in the kernel that are bigger than 4K (or rather,
lead to pointers beyond 4K) so it's not all that bad advice.


I ask because I have an ancient program that maps stuff at 8k; the
general advice of stuff on the net seems to be to set this limit
to 0 if people have problems (I'm just lowering it to 4k),
but I was thinking perhaps using a lower default value would be more
secure since less people would take the easy answer and just turn the
feature off altogether.

interesting... what does the program do?
(applications making assumptions on where they can mmap stuff... that's
not really valid. Realistically, the only safe way to use MAP_FIXED is
on memory that you got from mmap before.. think about it: what if
glibc happened to mmap something there first?)

So I'm quite curious what/why this app is doing this


--
If you want to reach me at my work email, use arjan@xxxxxxxxxxxxxxx
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Relevant Pages

  • Re: mmap_min_addr/SECURITY_DEFAULT_MMAP_MIN_ADDR suggested values
    ... lead to pointers beyond 4K) so it's not all that bad advice. ... the only safe way to use MAP_FIXED is ... on memory that you got from mmap before.. ... If you don't have address space randomisation and break randomisation ...
    (Linux-Kernel)
  • Re: "BEST" Pop-up
    ... Could be a "safe mode" only removal. ... If you don't wish to follow all of the advice immediately, ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ...
    (microsoft.public.security)
  • Re: 2.4 in-kernel file opening
    ... transfer their contents ping) to the user space. ... mmap() the buffer using mmapthrough the /dev/mem. ... Problem is that this is not RT safe. ... send the line "unsubscribe linux-kernel" in ...
    (Linux-Kernel)
  • Re: VERY BAD ADVICE WARNING
    ... This paradigm creates systems that are "safe" in most cases, ... An Isolation Transformer is not inherently unsafe. ... even tell if the advice they're getting is good or bad. ...
    (sci.electronics.repair)
  • Re: Im quitting the group
    ... the internet that is safe from this garbage? ... I just want to get advice ...
    (rec.running)