security: allow Kconfig to set default mmap_min_addr protection

Since it was decided that low memory protection from userspace couldn't
be turned on by default add a Kconfig option to allow users/distros to
set a default at compile time.  This value is still tunable after boot
in /proc/sys/vm/mmap_min_addr

Discussion:
http://www.mail-archive.com/linux-security-module@vger.kernel.org/msg02543.html

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Eric Paris 2008-01-31 15:11:22 -05:00 committed by James Morris
parent 551e4fb246
commit a5ecbcb8c1
2 changed files with 21 additions and 1 deletions

View file

@ -104,6 +104,24 @@ config SECURITY_ROOTPLUG
If you are unsure how to answer this question, answer N.
config SECURITY_DEFAULT_MMAP_MIN_ADDR
int "Low address space to protect from user allocation"
depends on SECURITY
default 0
help
This is the portion of low virtual memory which should be protected
from userspace allocation. Keeping a user from writing to low pages
can help reduce the impact of kernel NULL pointer bugs.
For most users with lots of address space a value of 65536 is
reasonable and should cause no problems. Programs which use vm86
functionality would either need additional permissions from either
the LSM or the capabilities module or have this protection disabled.
This value can be changed after boot using the
/proc/sys/vm/mmap_min_addr tunable.
source security/selinux/Kconfig
source security/smack/Kconfig

View file

@ -23,7 +23,9 @@ extern struct security_operations dummy_security_ops;
extern void security_fixup_ops(struct security_operations *ops);
struct security_operations *security_ops; /* Initialized to NULL */
unsigned long mmap_min_addr; /* 0 means no protection */
/* amount of vm to protect from userspace access */
unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
static inline int verify(struct security_operations *ops)
{