ab5a91a836
On a kernel with CONFIG_SECURITY but without an LSM which implements security_file_mmap it is impossible for an application to mmap addresses lower than mmap_min_addr. Based on a suggestion from a developer in the openwall community this patch adds a check for CAP_SYS_RAWIO. It is assumed that any process with this capability can harm the system a lot more easily than writing some stuff on the zero page and then trying to get the kernel to trip over itself. It also means that programs like X on i686 which use vm86 emulation can work even with mmap_min_addr set. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> |
||
|---|---|---|
| .. | ||
| keys | ||
| selinux | ||
| Kconfig | ||
| Makefile | ||
| capability.c | ||
| commoncap.c | ||
| dummy.c | ||
| inode.c | ||
| root_plug.c | ||
| security.c | ||