Author: maks Date: Mon Mar 10 16:03:03 2008 New Revision: 10769 Log: security: set DEFAULT_MMAP_MIN_ADDR to 65536
Low address space to protect from user allocation, see a5ecbcb8c13ea8a822d243bf782d0dc9525b4f84, runtime tunable on /proc/sys/vm/mmap_min_addr. let's see if we get any fallout. double checked after Kconfig recommendation that fedora uses that recommendation too. Modified: dists/trunk/linux-2.6/debian/changelog dists/trunk/linux-2.6/debian/config/config Modified: dists/trunk/linux-2.6/debian/changelog ============================================================================== --- dists/trunk/linux-2.6/debian/changelog (original) +++ dists/trunk/linux-2.6/debian/changelog Mon Mar 10 16:03:03 2008 @@ -30,6 +30,8 @@ * Tighten yaird dependency. (closes: #403171) * Configs general cleanup, centralize USB_NET, disable IRDA_DEBUG. * postinst: Nuke confusing postinst message. (closes: #465512) + * [SECURITY]: Set DEFAULT_MMAP_MIN_ADDR to 65536 enabling low address space + protection from user allocation - /proc/sys/vm/mmap_min_addr tunable. [ Martin Michlmayr ] * [arm/armel] Add a kernel for Orion based devices, such as the QNAP Modified: dists/trunk/linux-2.6/debian/config/config ============================================================================== --- dists/trunk/linux-2.6/debian/config/config (original) +++ dists/trunk/linux-2.6/debian/config/config Mon Mar 10 16:03:03 2008 @@ -1872,6 +1872,7 @@ CONFIG_SECURITY_CAPABILITIES=y CONFIG_SECURITY_FILE_CAPABILITIES=y # CONFIG_SECURITY_ROOTPLUG is not set +CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=65536 CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 _______________________________________________ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes