On Sat, 2012-12-29 at 15:00 +0400, Andrey Vagin wrote: > The address should be bigger than dac_mmap_min_addr, because > a process with CAP_RAWIO can map a vma bellow mmap_min_addr.
NAK This doesn't make any sense. dac_mmap_min_addr should ONLY be used in security/min_addr.c and security/commoncap.c. Period. You should not be allowed to circumvent LSM protections. Maybe you are missing that mmap_min_addr = max(dac_mmap_min_addr, CONFIG_LSM_MMAP_MIN_ADDR) ? But this patch is absolutely unacceptable. Maybe you can help me understand what problem you had and what you were hoping for? -Eric > > Cc: Andrew Morton <a...@linux-foundation.org> > Cc: Kees Cook <keesc...@chromium.org> > Cc: Cyrill Gorcunov <gorcu...@openvz.org> > Cc: Serge Hallyn <serge.hal...@canonical.com> > Cc: "Eric W. Biederman" <ebied...@xmission.com> > Cc: Eric Paris <epa...@redhat.com> > Cc: James Morris <jmor...@namei.org> > Signed-off-by: Andrey Vagin <ava...@openvz.org> > --- > kernel/sys.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/sys.c b/kernel/sys.c > index 265b376..e0e1bbd 100644 > --- a/kernel/sys.c > +++ b/kernel/sys.c > @@ -1868,7 +1868,7 @@ static int prctl_set_mm(int opt, unsigned long addr, > if (opt == PR_SET_MM_EXE_FILE) > return prctl_set_mm_exe_file(mm, (unsigned int)addr); > > - if (addr >= TASK_SIZE || addr < mmap_min_addr) > + if (addr >= TASK_SIZE || addr < dac_mmap_min_addr) > return -EINVAL; > > error = -EINVAL; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
