forked from Minki/linux
ab5a91a836
On a kernel with CONFIG_SECURITY but without an LSM which implements security_file_mmap it is impossible for an application to mmap addresses lower than mmap_min_addr. Based on a suggestion from a developer in the openwall community this patch adds a check for CAP_SYS_RAWIO. It is assumed that any process with this capability can harm the system a lot more easily than writing some stuff on the zero page and then trying to get the kernel to trip over itself. It also means that programs like X on i686 which use vm86 emulation can work even with mmap_min_addr set. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> |
||
---|---|---|
.. | ||
keys | ||
selinux | ||
capability.c | ||
commoncap.c | ||
dummy.c | ||
inode.c | ||
Kconfig | ||
Makefile | ||
root_plug.c | ||
security.c |