Date: Sun, 27 Sep 2009 17:35:20 +0100 (BST)
From: Robert Watson
To: "Simon L. Nielsen"
Cc: freebsd-current@freebsd.org
Subject: Re: mmap zero mapping disallowed (Re: svn commit: r197537 - head/sys/vm])
In-Reply-To: <20090927150233.GH1495@arthur.nitro.dk>

On Sun, 27 Sep 2009, Simon L. Nielsen wrote:

> As mentioned in the commit message FreeBSD 9 / head now does not allow
> mmap'ing at zero by default, and this may break some apps.
>
> If anyone encounters applications which break because of this change, please
> report it so we can see if it can be fixed.  It might not be possible to
> fix some applications, but we at least would know which applications might
> need a special note in the documentation.

There are probably some other ways to arrange mappings at 0x0, so we'll need
to dig through the system to identify them.  To my mind, the various
executable image activators are interesting (elf, a.out, etc), but we should
check other things that call VM insertion routines -- things like the more
interesting 3D device drivers.  At the end of the day, this is a mitigation
technique, so if there are edge case non-default compiled components, etc,
that's fine, but it would be nice to be thorough where we can.

Will our automatic address selection code ever pick 0x0 as a mapping address,
btw?

Robert N M Watson
Computer Laboratory
University of Cambridge

>
> ----- Forwarded message from "Simon L. Nielsen" -----
>
> Date: Sun, 27 Sep 2009 14:49:51 +0000 (UTC)
> From: "Simon L. Nielsen"
> To: src-committers@freebsd.org, svn-src-all@freebsd.org,
>     svn-src-head@freebsd.org
> Subject: svn commit: r197537 - head/sys/vm
>
> Author: simon
> Date: Sun Sep 27 14:49:51 2009
> New Revision: 197537
> URL: http://svn.freebsd.org/changeset/base/197537
>
> Log:
>   Do not allow mmap with the MAP_FIXED argument to map at address zero.
>   This is done to make it harder to exploit kernel NULL pointer security
>   vulnerabilities.  While this of course does not fix vulnerabilities,
>   it does mitigate their impact.
>
>   Note that this may break some applications, most likely emulators or
>   similar, which for one reason or another require mapping memory at
>   zero.
>
>   This restriction can be disabled with the security.bsd.mmap_zero
>   sysctl variable.
>
>   Discussed with:	rwatson, bz
>   Tested by:	bz (Wine), simon (VirtualBox)
>   Submitted by:	jhb
>
> Modified:
>   head/sys/vm/vm_mmap.c
>
> [...]
>
> ----- End forwarded message -----
>
> --
> Simon L. Nielsen
> Hat: FreeBSD Security Team