Setting vm.mmap_min_addr for lenny?

Florian Weimer

Aug 14, 2009, 7:20:06 AM
I wonder if it makes sense to set vm.mmap_min_addr to 4096 (instead of
0) for lenny. It seems to me that unstable already made this switch,
and given the apparently neverending sequence of kernel NULL
dereferences, this might be quite helpful.


Bastian Blank

Aug 14, 2009, 8:30:11 AM
Package: linux-2.6
Version: 2.6.26-18
Severity: important
Tags: security

On Fri, Aug 14, 2009 at 01:10:21PM +0200, Florian Weimer wrote:
> I wonder if it makes sense to set vm.mmap_min_addr to 4096 (instead of
> 0) for lenny. It seems to me that unstable already made this switch,
> and given the apparently neverending sequence of kernel NULL
> dereferences, this might be quite helpful.

The value of 4096 should be safe. We disabled it again, because the
proposed value of 64k just breaks arm. But this needs to be properly
checked. I'm opening a bug to handle this.

Bastian

--
"Beauty is transitory."
"Beauty survives."
-- Spock and Kirk, "That Which Survives", stardate unknown

dann frazier

Oct 21, 2009, 12:50:02 PM
On Fri, Aug 14, 2009 at 01:10:21PM +0200, Florian Weimer wrote:
> I wonder if it makes sense to set vm.mmap_min_addr to 4096 (instead of
> 0) for lenny. It seems to me that unstable already made this switch,
> and given the apparently neverending sequence of kernel NULL
> dereferences, this might be quite helpful.

I didn't do this for the pending security update (which added some
other protections), but I don't think it's a bad idea. The kernel
currently recommends 65536 for x86/ia64/ppc64 and 32768 for "arm and
other archs". Though, 4096-for-all seems like a good solution to me.

I was thinking that in the pending DSA[1] we could warn users that this
default will change in the next point release, and provide
instructions for making a local configuration change now. Maybe link
to a wiki page w/ instructions, so that we can clarify/tweak later?

As for packages that need a low min_mmap_addr, should we ask them to
somehow start setting this tunable themselves (e.g., by dropping in an
/etc/sysctl.d file)? Anyone know what Ubuntu is doing here?

[1] http://svn.debian.org/wsvn/kernel-sec/dsa-texts/2.6.26-19lenny1
(currently awaiting 1 more arch build)
--
dann frazier
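
An added example, not part of any message in this thread: a small audit of sysctl drop-in fragments that reports which file ends up setting vm.mmap_min_addr and whether the value falls below the 4096 floor proposed above. The function names and the single-directory, lexical-order override model are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit sysctl fragments for vm.mmap_min_addr.
# FLOOR is the 4096 value proposed in the thread; all function names are hypothetical.
FLOOR=4096

# Print "<value> <file>" for the last fragment (lexical order) in directory $1
# that sets vm.mmap_min_addr. Assumption: later fragments override earlier ones.
last_mmap_min_addr() {
    result=""
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        # Accept "vm.mmap_min_addr = N" and "vm/mmap_min_addr=N"; commented lines do not match.
        v=$(sed -n 's|^[[:space:]]*vm[./]mmap_min_addr[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$|\1|p' "$f" | tail -n 1)
        if [ -n "$v" ]; then result="$v $f"; fi
    done
    if [ -n "$result" ]; then printf '%s\n' "$result"; fi
    return 0
}

# Classify a numeric value: 0 turns the protection off, anything under FLOOR is too low.
classify_mmap_min_addr() {
    if [ "$1" -eq 0 ]; then echo disabled
    elif [ "$1" -lt "$FLOOR" ]; then echo below-floor
    else echo ok
    fi
}

# Print "<verdict> <value> <fragment>" for directory $1, or "unset" if no fragment sets it.
audit_sysctl_dir() {
    found=$(last_mmap_min_addr "$1")
    if [ -z "$found" ]; then echo unset; return 0; fi
    value=${found%% *}
    file=${found#* }
    echo "$(classify_mmap_min_addr "$value") $value $(basename "$file")"
}

# Usage: sh audit.sh /etc/sysctl.d   (also shows the value the running kernel uses)
if [ "$#" -gt 0 ]; then
    audit_sysctl_dir "$1"
    if [ -r /proc/sys/vm/mmap_min_addr ]; then
        echo "running kernel: $(cat /proc/sys/vm/mmap_min_addr)"
    fi
fi
```

A "disabled" or "below-floor" verdict names the fragment to review, for example one dropped in by a package that needs a low mapping address.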

Moritz Muehlenhoff

Oct 21, 2009, 1:20:02 PM
On 2009-10-21, dann frazier <da...@dannf.org> wrote:
> I was thinking that in the pending DSA[1] we could warn users that this
> default will change in the next point release, and provide
> instructions for making a local configuration change now. Maybe link
> to a wiki page w/ instructions, so that we can clarify/tweak later?

Sounds like a good idea.

Cheers,
Moritz

Debian Bug Tracking System

Oct 26, 2009, 4:20:05 AM
Your message dated Mon, 26 Oct 2009 08:01:28 +0000
with message-id <E1N2KW8-...@ries.debian.org>
and subject line Bug#541457: fixed in linux-2.6 2.6.26-20
has caused the Debian Bug report #541457,
regarding Setting vm.mmap_min_addr for lenny?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


--
541457: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541457
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems