Re: [PATCH 1/2] LSM: Do not apply mmap_min_addr check to PROT_NONE

From: Gregory Sahanovitch
Date: Fri Oct 28 2011 - 09:36:38 EST

Next message: Linus Walleij: "[PATCH] aout: depend on linux or __KERNEL__"
Previous message: Yong Zhang: "Re: [Known BUG?] i915 hang on 3.0.0-12 (Ubuntu 11.10 release)"
Next in thread: Roland McGrath: "Re: [PATCH 1/2] LSM: Do not apply mmap_min_addr check to PROT_NONE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> It's exactly the case that I did mention: an application's own attempt to
> ensure robustness by doing a PROT_NONE mmap of the [0,0x10000) region. An
> application cannot presume that this region is already precluded from being
> used by any non-MAP_FIXED mmap across all systems and configurations, so
> it's defensive coding to explicitly block it off with a PROT_NONE mapping.

I don't see a realistic threat model in the example you give.

Since mmap_min_addr is used to prevent a *malicious* process from
maping the zero page and then taking advantage of a user-pointer
dereference in the *kernel code*, I do not see what you gain by
guaranteeing that the application *that you control* would never
exploit such a vulnerability?

Sorry if I'm being thick, but it would be helpful to me if you clarify.

--
- Greg
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Walleij: "[PATCH] aout: depend on linux or __KERNEL__"
Previous message: Yong Zhang: "Re: [Known BUG?] i915 hang on 3.0.0-12 (Ubuntu 11.10 release)"
Next in thread: Roland McGrath: "Re: [PATCH 1/2] LSM: Do not apply mmap_min_addr check to PROT_NONE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]