security: set DEFAULT_MMAP_MIN_ADDR to 65536

Low address space to protect from user allocation, see
a5ecbcb8c13ea8a822d243bf782d0dc9525b4f84, runtime tunable on
/proc/sys/vm/mmap_min_addr. Let's see if we get any fallout.
Double-checked after Kconfig recommendation that Fedora uses
that recommendation too.

svn path=/dists/trunk/linux-2.6/; revision=10769
Maximilian Attems 2008-03-10 16:03:03 +00:00
parent 46582e70ae
commit 38c07b2271
2 changed files with 3 additions and 0 deletions

debian/changelog

@ -30,6 +30,8 @@ linux-2.6 (2.6.25~rc5-1~experimental.1) UNRELEASED; urgency=low
* Tighten yaird dependency. (closes: #403171)
* Configs general cleanup, centralize USB_NET, disable IRDA_DEBUG.
* postinst: Nuke confusing postinst message. (closes: #465512)
* [SECURITY]: Set DEFAULT_MMAP_MIN_ADDR to 65536 enabling low address space
protection from user allocation - /proc/sys/vm/mmap_min_addr tunable.
[ Martin Michlmayr ]
* [arm/armel] Add a kernel for Orion based devices, such as the QNAP
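Review bot: The new [SECURITY] entry records the default but not its side effect. With a 65536 floor, programs that map memory below that address will have those mappings refused unless the LSM or capabilities allow it, and the commit message itself expects fallout. Suggest adding a short clause saying that lowering /proc/sys/vm/mmap_min_addr is the workaround for affected programs, and citing the upstream commit the message refers to (a5ecbcb8c13ea8a822d243bf782d0dc9525b4f84) so the rationale can be found from the changelog. Style nit: the tag is written "[SECURITY]:" with a colon, while the neighbouring "[arm/armel]" tag has none.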


@ -1872,6 +1872,7 @@ CONFIG_SECURITY=y
CONFIG_SECURITY_CAPABILITIES=y
CONFIG_SECURITY_FILE_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=65536
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
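Review bot: CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=65536 is set as a single value with no visible per-architecture scoping, and the file header for this hunk is missing here, so it is not clear which flavours pick it up. If this config is shared by all architectures (the changelog context in the same commit mentions arm/armel kernels), please confirm that 65536 is appropriate for each of them, or move the setting into the per-architecture configs with suitable values. A one-line comment above the option pointing at the /proc/sys/vm/mmap_min_addr tunable would also help whoever has to triage the fallout the commit message anticipates.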