linux-uconsole/security
Kees Cook c907edc64f sysctl: require CAP_SYS_RAWIO to set mmap_min_addr
commit 0e1a6ef2de upstream.

Currently the mmap_min_addr value can only be bypassed during mmap when
the task has CAP_SYS_RAWIO.  However, the mmap_min_addr sysctl value itself
can be adjusted to 0 if euid == 0, allowing a bypass without CAP_SYS_RAWIO.
This patch adds a check for the capability before allowing mmap_min_addr to
be changed.

Signed-off-by: Kees Cook <kees.cook@canonical.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-04-01 15:58:16 -07:00
integrity/ima ima: replace GFP_KERNEL with GFP_NOFS 2009-11-19 08:42:01 +11:00
keys Keys: KEYCTL_SESSION_TO_PARENT needs TIF_NOTIFY_RESUME architecture support 2010-01-06 15:04:46 -08:00
selinux netlabel: fix export of SELinux categories > 127 2010-03-15 08:49:34 -07:00
smack seq_file: constify seq_operations 2009-09-23 07:39:29 -07:00
tomoyo
capability.c
commoncap.c
device_cgroup.c cgroups: let ss->can_attach and ss->attach do whole threadgroups at a time 2009-09-24 07:20:58 -07:00
inode.c
Kconfig
lsm_audit.c lsm: Use a compressed IPv6 string format in audit events 2009-09-24 03:50:26 -04:00
Makefile NOMMU: Optimise away the {dac_,}mmap_min_addr tests 2010-01-06 15:04:30 -08:00
min_addr.c sysctl: require CAP_SYS_RAWIO to set mmap_min_addr 2010-04-01 15:58:16 -07:00
root_plug.c
security.c