Bug 160812 - fixes exec-shield to not randomize to between end-of-binary and start-of-brk
fixes exec-shield to not randomize to between end-of-binary and start-of-brk
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ingo Molnar
Brian Brock
:
Depends On:
Blocks: 156322
  Show dependency treegraph
 
Reported: 2005-06-17 10:18 EDT by Tim Burke
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHSA-2005-514
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-10-05 09:32:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tim Burke 2005-06-17 10:18:41 EDT
Refer to rhkernel-list, $subject:
[rhel4 patch] heap-gap-fix2.patch
-----------------------------------
this patch fixes exec-shield to not randomize to between end-of-binary and
start-of-brk, if the first 16MB is full with DSOs. This is a rare but
possible condition that decreases exec-shield protection. (The max() is
there to make sure we have a minimum end-area of 128MB, as start_brk can
be low on PIE binaries) This patch improves the nonexec coverage of the
exec-shield when the segment limit is used. Build and boot tested.

	Ingo

--- mm/mmap.c.orig
+++ mm/mmap.c
@@ -1303,7 +1303,7 @@ unsigned long arch_get_unmapped_exec_are
 			 * as much as possible:
 			 */
 			if (addr >= 0x01000000) {
-				tmp = randomize_range(0x01000000, mm->brk, len);
+				tmp = randomize_range(0x01000000, PAGE_ALIGN(max(mm->start_brk,
0x08000000)), len);
 				vma = find_vma(mm, tmp);
 				if (TASK_SIZE - len >= tmp &&
 				    (!vma || tmp + len <= vma->vm_start))
Comment 1 Jason Baron 2005-06-20 15:28:14 EDT

*** This bug has been marked as a duplicate of 161136 ***
Comment 4 Red Hat Bugzilla 2005-10-05 09:32:31 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-514.html

Note You need to log in before you can comment on or make changes to this bug.