512638 – kernel: security: use mmap_min_addr independently of security models [rhel-5.4]

Bug 512638 - kernel: security: use mmap_min_addr independently of security models [rhel-5.4]

Summary: kernel: security: use mmap_min_addr independently of security models [rhel-5.4]

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	5.4
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Vitaly Mayatskikh
QA Contact:	Red Hat Kernel QE team
Docs Contact:
URL:
Whiteboard:
Depends On:	508842
Blocks:	512641 512642 512643
TreeView+	depends on / blocked

Reported:	2009-07-20 05:49 UTC by Eugene Teo (Security Response)
Modified:	2009-12-20 12:21 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	512641 512642 512643 (view as bug list)
Environment:
Last Closed:	2009-07-27 05:39:18 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Eugene Teo (Security Response) 2009-07-20 05:49:21 UTC

Description of problem:
This patch removes the dependency of mmap_min_addr on CONFIG_SECURITY. It also sets a default mmap_min_addr of 4096.

mmapping of addresses below 4096 will only be possible for processes with CAP_SYS_RAWIO.

Upstream commit:
http://git.kernel.org/linus/e0a94c2a63f2644826069044649669b5e7ca75d3

Comment 1 Eric Paris 2009-07-20 17:28:21 UTC

NAK, this is useless for RHEL.  We already build with CONFIG_SECURITY (selinux=0 does not change this)

This patch is a waste of time and fixes nothing.

Comment 2 Eugene Teo (Security Response) 2009-07-27 05:39:18 UTC

As per comment #1.

Note You need to log in before you can comment on or make changes to this bug.