From owner-cvs-src-old@FreeBSD.ORG  Sun Sep 27 14:50:02 2009
Return-Path: <owner-cvs-src-old@FreeBSD.ORG>
Delivered-To: cvs-src-old@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0EA811065749
	for <cvs-src-old@freebsd.org>; Sun, 27 Sep 2009 14:50:02 +0000 (UTC)
	(envelope-from simon@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id E6FDD8FC15
	for <cvs-src-old@freebsd.org>; Sun, 27 Sep 2009 14:50:01 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n8REo18x006867
	for <cvs-src-old@freebsd.org>; Sun, 27 Sep 2009 14:50:01 GMT
	(envelope-from simon@repoman.freebsd.org)
Received: (from svn2cvs@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n8REo1H2006866
	for cvs-src-old@freebsd.org; Sun, 27 Sep 2009 14:50:01 GMT
	(envelope-from simon@repoman.freebsd.org)
Message-Id: <200909271450.n8REo1H2006866@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to
	simon@repoman.freebsd.org using -f
From: "Simon L. Nielsen" <simon@FreeBSD.org>
Date: Sun, 27 Sep 2009 14:49:51 +0000 (UTC)
To: cvs-src-old@freebsd.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/vm vm_mmap.c
X-BeenThere: cvs-src-old@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the src tree
	<cvs-src-old.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src-old>
List-Post: <mailto:cvs-src-old@freebsd.org>
List-Help: <mailto:cvs-src-old-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Sep 2009 14:50:02 -0000

simon       2009-09-27 14:49:51 UTC

  FreeBSD src repository

  Modified files:
    sys/vm               vm_mmap.c 
  Log:
  SVN rev 197537 on 2009-09-27 14:49:51Z by simon
  
  Do not allow mmap with the MAP_FIXED argument to map at address zero.
  This is done to make it harder to exploit kernel NULL pointer security
  vulnerabilities.  While this of course does not fix vulnerabilities,
  it does mitigate their impact.
  
  Note that this may break some applications, most likely emulators or
  similar, which for one reason or another require mapping memory at
  zero.
  
  This restriction can be disabled with the security.bsd.mmap_zero
  sysctl variable.
  
  Discussed with: rwatson, bz
  Tested by:      bz (Wine), simon (VirtualBox)
  Submitted by:   jhb
  
  Revision  Changes    Path
  1.235     +18 -1     src/sys/vm/vm_mmap.c