+++ This bug was initially created as a clone of Bug #460857 +++ Description of problem: Eugene Teo discovered that range_is_allowed() check is only added in {read,write}_mem(). It is possible for an illegitimate application to bypass these checks, and access /dev/mem beyond the 1M limit by calling mmap_mem() instead. --- Additional comment from eteo on 2008-09-02 00:07:32 EDT --- This appears to be fixed in upstream since commit e2beb3eae.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Closing this BZ. We do not have a business case for 4.7.z.
Committed in 78.0.10
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-0014.html