From owner-freebsd-current@FreeBSD.ORG Sun Sep 27 15:02:35 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4CA4C106566C for ; Sun, 27 Sep 2009 15:02:35 +0000 (UTC) (envelope-from simon@nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.freebsd.org (Postfix) with ESMTP id 0A84D8FC15 for ; Sun, 27 Sep 2009 15:02:35 +0000 (UTC) Received: from arthur.nitro.dk (arthur.bofh [192.168.2.3]) by mx.nitro.dk (Postfix) with ESMTP id 5B2202D4893 for ; Sun, 27 Sep 2009 15:02:34 +0000 (UTC) Received: by arthur.nitro.dk (Postfix, from userid 1000) id 496835C05; Sun, 27 Sep 2009 17:02:34 +0200 (CEST) Date: Sun, 27 Sep 2009 17:02:34 +0200 From: "Simon L. Nielsen" To: freebsd-current@freebsd.org Message-ID: <20090927150233.GH1495@arthur.nitro.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) Subject: mmap zero mapping disallowed (Re: svn commit: r197537 - head/sys/vm]) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Sep 2009 15:02:35 -0000 Hey, As mentioned in the commit message FreeBSD 9 / head now does not allow mmap'ing at zero by default, and this may break some apps. If anyone encounters applications which break because of this change, please let report it so we can see if it can be fixed. It might not be possible to fix some applications, but we at least would know which applications might need a special note in the documentation. ----- Forwarded message from "Simon L. Nielsen" ----- Date: Sun, 27 Sep 2009 14:49:51 +0000 (UTC) From: "Simon L. Nielsen" To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r197537 - head/sys/vm Author: simon Date: Sun Sep 27 14:49:51 2009 New Revision: 197537 URL: http://svn.freebsd.org/changeset/base/197537 Log: Do not allow mmap with the MAP_FIXED argument to map at address zero. This is done to make it harder to exploit kernel NULL pointer security vulnerabilities. While this of course does not fix vulnerabilities, it does mitigate their impact. Note that this may break some applications, most likely emulators or similar, which for one reason or another require mapping memory at zero. This restriction can be disabled with the security.bsd.mmap_zero sysctl variable. Discussed with: rwatson, bz Tested by: bz (Wine), simon (VirtualBox) Submitted by: jhb Modified: head/sys/vm/vm_mmap.c [...] ----- End forwarded message ----- -- Simon L. Nielsen Hat: FreeBSD Security Team