Date: Fri, 2 Oct 2009 17:48:51 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/kern init_main.c kern_exec.c Message-ID: <200910021749.n92Hn7aX056068@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
bz 2009-10-02 17:48:51 UTC
FreeBSD src repository
Modified files:
sys/kern init_main.c kern_exec.c
Log:
SVN rev 197711 on 2009-10-02 17:48:51Z by bz
Add a mitigation feature that will prevent user mappings at
virtual address 0, limiting the ability to convert a kernel
NULL pointer dereference into a privilege escalation attack.
If the sysctl is set to 0 a newly started process will not be able
to map anything in the address range of the first page (0 to PAGE_SIZE).
This is the default. Already running processes are not affected by this.
You can either change the sysctl or the tunable from loader in case
you need to map at a virtual address of 0, for example when running
any of the extinct species of a set of a.out binaries, vm86 emulation, ..
In that case set security.bsd.map_at_zero="1".
Superseeds: r197537
In collaboration with: jhb, kib, alc
Revision Changes Path
1.306 +5 -0 src/sys/kern/init_main.c
1.339 +12 -3 src/sys/kern/kern_exec.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910021749.n92Hn7aX056068>