• Eric Paris's avatar
    security: Protection for exploiting null dereference using mmap · ed032189
    Eric Paris authored
    Add a new security check on mmap operations to see if the user is attempting
    to mmap to low area of the address space.  The amount of space protected is
    indicated by the new proc tunable /proc/sys/vm/mmap_min_addr and defaults to
    0, preserving existing behavior.
    
    This patch uses a new SELinux security class "memprotect."  Policy already
    contains a number of allow rules like a_t self:process * (unconfined_t being
    one of them) which mean that putting this check in the process class (its
    best current fit) would make it useless as all user processes, which we also
    want to protect against, would be allowed. By taking the memprotect name of
    the new class it will also make it possible for us to move some of the other
    memory protect permissions out of 'process' and into the new class next time
    we bump the policy version number (which I also think is a good future idea)
    Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
    Acked-by: default avatarChris Wright <chrisw@sous-sol.org>
    Signed-off-by: default avatarEric Paris <eparis@redhat.com>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    ed032189
av_perm_to_string.h 9.48 KB