On Wed, Nov 04, 2009 at 04:55:58PM +0100, Justin Smith wrote:
> > And now we get into the fun stuff.
> >
> > Ever heard of 'secure by default' ?
> >
> > This knob is set to '0' by default.
> >
> > How many Linux installations actually read the above paragraph, understood
> > what value it could have to set to something other than zero, and changed
> > it accordingly.
> >
> > 'Nuff said.
>
>
> "By default, Ubuntu 8.04 and later with a non-zero
> /proc/sys/vm/mmap_min_addr setting were not vulnerable."
>
> Ubuntu 8.04 released in 2008 april.
And if you install something like wine, the knob is set back to 0,
probably without any notice (at least in ubuntu-8.10). You don't
even have to run it, just installing it is enough, if I understand
the mechanism correctly.
But more important is the fact that the original kernel sources
have the knob set to 0 by default.
Ciao,
Kili
