CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR needs to be set

Bug #344955 reported by Kees Cook
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| linux (Ubuntu) | Fix Released | High | Tim Gardner | |
| procps (Ubuntu) | Fix Released | Medium | Kees Cook | |

Bug Description

The upstream defaults for CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR on x86 and x86_64 are now 65536[1]. Other archs do not have a default, so we should address this more directly in the kernel builds since the kernels know what arch they are already :) This will also let us avoid a default being set in procps.

The values should[2] be set as follows:

ia64, x86, x86_64, ppc64:

CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=65536

all other archs, especially arm:

CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=32768

[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=arch/x86/configs/i386_defconfig;h=edba00d98ac352b5b8ae363a091446ab031d3537;hb=HEAD
[2] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=security/Kconfig;h=9438535d7fd0f2bec51905538bd27b7f73f3ad25;hb=HEAD

Kees Cook (kees)
Changed in procps:
assignee: nobody → kees
importance: Undecided → Medium
status: New → Triaged
Changed in linux:
assignee: nobody → timg-tpi
importance: Undecided → High
milestone: none → ubuntu-9.04-beta
status: New → In Progress
Changed in procps:
milestone: none → ubuntu-9.04-beta
Tim Gardner (timg-tpi) wrote :
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.28-11.35

---------------
linux (2.6.28-11.35) jaunty; urgency=low

  [ Amit Kucheria ]

  * Updating imx51 configs

  [ Andy Whitcroft ]

  * SAUCE: hotkey quirks for various Zeptro Znote and Fujitsu Amilo laptops
    - LP: #330259

  [ Tim Gardner ]

  * Revert "SAUCE: (drop after 2.6.28) eCryptfs: Don't encrypt file key
    with filename key". Use upstream commit.
  * CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR set to upstream defaults.
    64K for x86'en, 32K for ARM
    - LP: #344955

  [ Upstream Kernel Changes ]

  * eCryptfs: don't encrypt file key with filename key
  * libata: set NODEV_HINT for 0x7f status
    - LP: #293218
  * USB: cdc-acm: Add another conexant modem to the quirks
    - LP: #323829
  * Input: elantech - touchpad driver miss-recognising logitech mice
    - LP: #318722

 -- Tim Gardner <email address hidden> Wed, 18 Mar 2009 08:52:46 -0600

Changed in linux:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package procps - 1:3.2.7-11ubuntu2

---------------
procps (1:3.2.7-11ubuntu2) jaunty; urgency=low

  * debian/{preinst,postinst,postrm}: drop sysctl.d/10-process-security.conf
    now that the defaults are carried in the kernel configurations
    (LP: #344955).

 -- Kees Cook <email address hidden> Wed, 18 Mar 2009 14:52:48 -0700

Changed in procps:
status: Triaged → Fix Released
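
A host-side check for the per-architecture values listed in the bug description, as an added example (not code from this bug report, the kernel, or procps). It assumes `uname -m` machine names for the architecture mapping and the Ubuntu `/boot/config-$(uname -r)` location, treats the listed value as a minimum, and uses made-up function names.

```shell
#!/bin/sh
# Added example: check a host against the mmap_min_addr values from this bug.
# Function names are hypothetical; uname -m names and the /boot/config-* path
# (Ubuntu convention) are assumptions.

# Constructed sample of kernel config text, for trying config_min_addr offline.
SAMPLE_CONFIG='CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=65536'

# Value listed in the bug report for a given `uname -m` machine name.
expected_min_addr() {
    case "$1" in
        i?86|x86_64|ia64|ppc64) echo 65536 ;;
        *)                      echo 32768 ;;   # "all other archs, especially arm"
    esac
}

# Print the built-in default found in kernel config text on stdin (empty if unset).
config_min_addr() {
    sed -n 's/^CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=\([0-9]*\)$/\1/p'
}

# check_min_addr ARCH VALUE LABEL: returns 0 if VALUE is at or above the listed
# value, 1 if below it, 2 if there is no numeric value to compare.
check_min_addr() {
    want=$(expected_min_addr "$1")
    case "$2" in
        ''|*[!0-9]*) echo "UNKNOWN $3: no numeric value"; return 2 ;;
    esac
    if [ "$2" -ge "$want" ]; then
        echo "OK $3: $2 (listed value for $1: $want)"
    else
        echo "LOW $3: $2 (listed value for $1: $want)"; return 1
    fi
}

# Compare both the build-time default and the live sysctl on this machine.
audit_host() {
    arch=$(uname -m); rc=0; cfg="/boot/config-$(uname -r)"
    if [ -r "$cfg" ]; then
        check_min_addr "$arch" "$(config_min_addr < "$cfg")" "$cfg" || rc=1
    fi
    live=/proc/sys/vm/mmap_min_addr   # runtime value; sysctl settings can override the default
    if [ -r "$live" ]; then
        check_min_addr "$arch" "$(cat "$live")" "$live" || rc=1
    fi
    return "$rc"
}

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run it with `--audit` to check the current host; without an argument it only defines the functions.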