On Wed, Nov 04, 2009 at 04:55:58PM +0100, Justin Smith wrote:
> > And now we get into the fun stuff.
> >
> > Ever heard of 'secure by default' ?
> >
> > This knob is set to '0' by default.
> >
> > How many Linux installations actually read the above paragraph, understood
> > what value it could have to set to something other than zero, and changed
> > it accordingly.
> >
> > 'Nuff said.
> >
> "By default, Ubuntu 8.04 and later with a non-zero
> /proc/sys/vm/mmap_min_addr setting were not vulnerable."
>
> Ubuntu 8.04 released in 2008 April.

And if you install something like wine, the knob is set back to 0,
probably without any notice (at least in ubuntu-8.10). You don't even
have to run it, just installing it is enough, if I understand the
mechanism correctly.

But more important is the fact that the original kernel sources have
the knob set to 0 by default.

Ciao,
Kili
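
The kind of silent reset described in the message above can be checked for with a short audit of sysctl configuration fragments. This is an added example, not part of the original post. It assumes a single directory of `*.conf` fragments applied in lexical order with the last assignment winning, and the fragment file names in the sample are hypothetical.

```shell
#!/bin/sh
# Added example: find which sysctl fragments assign vm.mmap_min_addr and which
# value wins. Assumption: one directory, files applied in lexical order, the
# last assignment wins.

# Emit "value<TAB>file" for each assignment found in $1/*.conf, in apply order.
scan_fragments() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        # Match "vm.mmap_min_addr = N" or "vm/mmap_min_addr=N"; commented-out lines do not match.
        sed -n 's/^[[:space:]]*vm[./]mmap_min_addr[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$f" |
        while read -r v; do printf '%s\t%s\n' "$v" "$f"; done
    done
}

# Value left in force after all fragments are applied (empty if none set it).
effective_value() {
    scan_fragments "$1" | tail -n 1 | cut -f1
}

# Base names of the fragments that set the knob to 0.
zero_setters() {
    scan_fragments "$1" | awk -F'\t' '$1 == 0 { n = split($2, p, "/"); print p[n] }'
}

# Constructed sample: a distribution default plus a later package-installed
# fragment (hypothetical file names) that resets the knob to 0.
make_sample() {
    d=$(mktemp -d)
    printf '# protect low memory\nvm.mmap_min_addr = 65536\n' > "$d/10-zeropage.conf"
    printf '#vm.mmap_min_addr = 4096\nvm.mmap_min_addr=0\n' > "$d/30-somepackage.conf"
    printf 'kernel.sysrq = 0\n' > "$d/60-other.conf"
    printf '%s\n' "$d"
}

# Print a one-line verdict for directory $1; returns 1 if the knob ends up 0 or unset.
audit() {
    v=$(effective_value "$1")
    if [ -z "$v" ]; then echo "vm.mmap_min_addr not set in $1 (kernel default applies)"; return 1; fi
    if [ "$v" -eq 0 ]; then echo "vm.mmap_min_addr=0, set by: $(zero_setters "$1" | tr '\n' ' ')"; return 1; fi
    echo "vm.mmap_min_addr=$v"
}
```

Run `audit` against the directory holding the system's fragments and compare the result with the live value in `/proc/sys/vm/mmap_min_addr`; re-running it after package installs shows when a new fragment has overridden the earlier setting.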