Re: Security fix for remapping of page 0 (was [PATCH] ChangeZERO_SIZE_PTR to point at unmapped space)

[Alan Cox]

On Wed, 3 Jun 2009 14:59:51 -0400 (EDT)
Christoph Lameter <cl@xxxxxxxxxxxxxxxxxxxx> wrote:

> We could just move the check for mmap_min_addr out from
> CONFIG_SECURITY?
> 
> 
> Use mmap_min_addr indepedently of security models
> 
> This patch removes the dependency of mmap_min_addr on CONFIG_SECURITY.
> It also sets a default mmap_min_addr of 4096.
> 
> mmapping of addresses below 4096 will only be possible for processes
> with CAP_SYS_RAWIO.

This appears to break the security models as they can no longer replace
the CAP_SYS_RAWIO check with something based on the security model.

> @@ -1043,6 +1046,9 @@ unsigned long do_mmap_pgoff(struct file
>  		}
>  	}
> 
> +	if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
> +		return -EACCES;
> +

You can't move this bit here

>  	error = security_file_mmap(file, reqprot, prot, flags, addr, 0);

You need it in the default (no security) version of security_file_mmap()
in security.h not hard coded into do_mmap_pgoff, and leave the one in
cap_* alone.

So NAK - not to the idea but to the fact the patch is buggy.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/