Re: [PATCH 1/2] LSM: Do not apply mmap_min_addr check to PROT_NONE
From: Gregory Sahanovitch
Date: Fri Oct 28 2011 - 09:36:38 EST
> It's exactly the case that I did mention: an application's own attempt to
> ensure robustness by doing a PROT_NONE mmap of the [0,0x10000) region. An
> application cannot presume that this region is already precluded from being
> used by any non-MAP_FIXED mmap across all systems and configurations, so
> it's defensive coding to explicitly block it off with a PROT_NONE mapping.
I don't see a realistic threat model in the example you give.
Since mmap_min_addr is used to prevent a *malicious* process from
maping the zero page and then taking advantage of a user-pointer
dereference in the *kernel code*, I do not see what you gain by
guaranteeing that the application *that you control* would never
exploit such a vulnerability?
Sorry if I'm being thick, but it would be helpful to me if you clarify.
--
- Greg
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/