I'd like to see the Fedora kernel enable the null pointer hardening work
I did upstream by default.

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit...

Upstream refused to turn it on as it is known to break non-root users of
dosemu and they felt very strongly that not one user could break. It
can be easily disabled with an entry in sysctl.conf for any such users.

Certainly turning this on is something we would want to release note in
F9 (which I don't know the process to do).

This must not be applied to F8 until at least after the rebase to 2.6.24
as the 2.6.23 implementation of my hardening work is known buggy and
causes unneeded issues.

Would anyone have a problem carrying this patch in Fedora? This would
be a forever Fedora'ism.
---
security/security.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/security/security.c b/security/security.c
index 0e1f1f1..61787bb 100644
--- a/security/security.c
+++ b/security/security.c
@@ -23,7 +23,7 @@ extern struct security_operations dummy_security_ops;
extern void security_fixup_ops(struct security_operations *ops);
struct security_operations *security_ops; /* Initialized to NULL */
-unsigned long mmap_min_addr; /* 0 means no protection */
+unsigned long mmap_min_addr = 65536; /* protect first 64k */
static inline int verify(struct security_operations *ops)
{
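Review bot: the replacement comment on the `mmap_min_addr` line drops the statement that 0 means no protection, which is the value an affected dosemu user would have to set to opt out, so keep both facts in the comment, for example `/* protect first 64k; 0 means no protection */`. The default is also a bare `65536` in the initializer; since the message says this will be carried indefinitely and must not reach F8 before the 2.6.24 rebase, a short comment above the line noting that this is a distribution default differing from upstream (0) would make the divergence obvious to whoever resolves the next rebase conflict here.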