Quoting john (lists.j...@gmail.com): > I see that there is another null pointer dereference flaw being talked about. > http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ > > It looks like we can take step in Debian 5.0 to mitigate this threat by > setting > echvm.mmap_min_addr = 4096 > > per http://wiki.debian.org/mmap_min_addr > > I am running some servers running Debian 4.0. I doesn't look like > there is a /etc/sysctl.d/mmap_min_addr.conf to edit. Where are these > values stored > under Debian 4.0.
John, I believe you can/should just put vm.mmap_min_addr = 4096 at the bottom of /etc/sysctl.conf, and then re-run (as root) "sysctl -p" to load values from that file. You can verify that the appropriate /proc value has been set by doing cat /proc/sys/vm/mmap_min_addr Should now be "4096", rather than the distro default of "0". As you know, BitBake, dosemu (run by non-root users), WINE (if running Win16 apps), and qemu are the applications thus far identified that need to be able to mmap to low memory addresses, necessitating low vm.mmap_min_addr AKA /proc/sys/vm/mmap_min_addr values. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
