Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw

To: debian-security@lists.debian.org
Subject: Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw
From: Rick Moen <rick@linuxmafia.com>
Date: Wed, 4 Nov 2009 09:31:36 -0800
Message-id: <20091104173136.GB21475@linuxmafia.com>
In-reply-to: <2be970b50911040905m299e6dceq2f7fad8809811f5e@mail.gmail.com>
References: <2be970b50911040905m299e6dceq2f7fad8809811f5e@mail.gmail.com>

Quoting john (lists.john@gmail.com):

> I see that there is another null pointer dereference flaw being talked about.
> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
> 
> It looks like we can take step in Debian 5.0 to mitigate this threat by setting
> echvm.mmap_min_addr = 4096
> 
> per http://wiki.debian.org/mmap_min_addr
> 
> I am running some servers running Debian 4.0. I doesn't look like
> there is a /etc/sysctl.d/mmap_min_addr.conf to edit. Where are these
> values stored
> under Debian 4.0.

John, I believe you can/should just put 

  vm.mmap_min_addr = 4096

at the bottom of /etc/sysctl.conf, and then re-run (as root) "sysctl -p"
to load values from that file.  You can verify that the appropriate
/proc value has been set by doing

  cat /proc/sys/vm/mmap_min_addr

Should now be "4096", rather than the distro default of "0".

As you know, BitBake, dosemu (run by non-root users), WINE (if running
Win16 apps), and qemu are the applications thus far identified that need
to be able to mmap to low memory addresses, necessitating low
vm.mmap_min_addr AKA /proc/sys/vm/mmap_min_addr values.

Reply to:

References:
- Debian 4.0 and mmap_min_addr null pointer dereference flaw
  - From: john <lists.john@gmail.com>

Prev by Date: Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw
Next by Date: [DSA 1916-1] New kdelibs packages
Previous by thread: Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw
Next by thread: [DSA 1916-1] New kdelibs packages
Index(es):
- Date
- Thread