aha/security
Kees Cook 0e1a6ef2de sysctl: require CAP_SYS_RAWIO to set mmap_min_addr
Currently the mmap_min_addr value can only be bypassed during mmap when
the task has CAP_SYS_RAWIO.  However, the mmap_min_addr sysctl value itself
can be adjusted to 0 if euid == 0, allowing a bypass without CAP_SYS_RAWIO.
This patch adds a check for the capability before allowing mmap_min_addr to
be changed.

Signed-off-by: Kees Cook <kees.cook@canonical.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-11-09 08:34:22 +11:00
integrity/ima LSM: imbed ima calls in the security hooks 2009-10-25 12:22:48 +08:00
keys KEYS: Have the garbage collector set its timer for live expired keys 2009-09-23 11:03:47 -07:00
selinux SELinux: add .gitignore files for dynamic classes 2009-10-24 09:42:27 +08:00
smack seq_file: constify seq_operations 2009-09-23 07:39:29 -07:00
tomoyo tomoyo: improve hash bucket dispersion 2009-10-29 11:17:33 +11:00
capability.c LSM: Add security_path_chroot(). 2009-10-12 10:56:02 +11:00
commoncap.c security: remove root_plug 2009-10-20 14:26:16 +09:00
device_cgroup.c cgroups: let ss->can_attach and ss->attach do whole threadgroups at a time 2009-09-24 07:20:58 -07:00
inode.c securityfs: securityfs_remove should handle IS_ERR pointers 2009-05-12 11:06:11 +10:00
Kconfig security: remove root_plug 2009-10-20 14:26:16 +09:00
lsm_audit.c lsm: Use a compressed IPv6 string format in audit events 2009-09-24 03:50:26 -04:00
Makefile security: remove root_plug 2009-10-20 14:26:16 +09:00
min_addr.c sysctl: require CAP_SYS_RAWIO to set mmap_min_addr 2009-11-09 08:34:22 +11:00
security.c LSM: imbed ima calls in the security hooks 2009-10-25 12:22:48 +08:00