
Commit 5f46ce14 authored by maximilian attems, committed by James Morris

security: enhance DEFAULT_MMAP_MIN_ADDR description



Got burned by setting the proposed default of 65536
across all Debian archs.

Thus proposing to be more specific on which archs you may
set this. Also propose a value for arm and friends that
doesn't break sshd.

Reword to mention working archs ia64 and ppc64 too.

Signed-off-by: maximilian attems <max@stro.at>
Cc: Martin Michlmayr <tbm@cyrius.com>
Cc: Gordon Farquharson <gordonfarquharson@gmail.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
parent 27cc2a6e
+6 −4
@@ -113,10 +113,12 @@ config SECURITY_DEFAULT_MMAP_MIN_ADDR
	  from userspace allocation.  Keeping a user from writing to low pages
	  can help reduce the impact of kernel NULL pointer bugs.

	  For most users with lots of address space a value of 65536 is
	  reasonable and should cause no problems.  Programs which use vm86
	  functionality would either need additional permissions from either
	  the LSM or the capabilities module or have this protection disabled.
	  For most ia64, ppc64 and x86 users with lots of address space
	  a value of 65536 is reasonable and should cause no problems.
	  On arm and other archs it should not be higher than 32768.
	  Programs which use vm86 functionality would either need additional
	  permissions from either the LSM or the capabilities module or have
	  this protection disabled.

	  This value can be changed after boot using the
	  /proc/sys/vm/mmap_min_addr tunable.
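
Review bot: The new sentence "On arm and other archs it should not be higher than 32768." states the limit but not the reason, and "other archs" leaves the reader to guess which architectures are covered. The commit message says the point of the lower value is that it "doesn't break sshd" on arm and friends; saying in the help text that higher values break sshd there would tell someone configuring the kernel what failure to expect. The retained wording "would either need additional permissions from either the LSM" also repeats "either" and could be tightened while this paragraph is being reworded. Finally, this hunk changes only the help text, so anyone who accepts the proposed value without reading it can still hit the breakage the commit message describes; an architecture-dependent default would be a sensible follow-up.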