On Thu, 2007-12-13 at 10:07 -0600, Eric Sandeen wrote:
> Eric Paris wrote:
> > I'd like to see the fedora kernel enable the null pointer hardening work
> > I did upstream by default.
> >
> > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit...
> >
> > Upstream refused to turn it on as it is known to break non-root users of
> > dosemu and they felt very strongly that not one user could break. It
> > can be easily disabled with an entry in sysctl.conf for any such users.
> > Certainly turning this on is something we would want to release note in
> > F9 (which I don't know the process to do)
> >
> > This must not be applied to F8 until at least after the rebase to 2.6.24
> > as the 2.6.23 implementation of my hardening work is known buggy and
> > causes unneeded issues.
> >
> > Would anyone have a problem carrying this patch in fedora? This would
> > be a forever fedora'ism.
>
> Couldn't this default value be a kernel config option?
> (CONFIG_DEFAULT_MMAP_MIN_ADDR) or something less verbose...

Sounds like a better idea to me. I'll push something like that
upstream. And when you see it in a distro near you, let's turn it on!
-Eric
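
The thread notes that the hardening can be switched off with a sysctl.conf entry. The following is an added example, not part of the original messages or of any patch discussed here: a small audit helper that reports whether sysctl.conf-style files leave the restriction on, off, or at the kernel default. It assumes the setting is the kernel's `vm.mmap_min_addr` sysctl (the thread does not name the key); the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: find the sysctl.conf entry that disables the low-address
# mmap restriction (vm.mmap_min_addr = 0). Function names are hypothetical.

# Print the last value assigned to vm.mmap_min_addr in the given files.
# Entries are applied in order, so the last assignment wins.
# Prints nothing when the key is never set.
configured_mmap_min_addr() {
    awk '
        /^[ \t]*[#;]/ { next }                 # "#" and ";" start comments
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            sub(/^-/, "", key)                 # "-key = v": ignore set errors
            gsub(/\//, ".", key)               # vm/mmap_min_addr is the same key
            if (key == "vm.mmap_min_addr") last = val
        }
        END { if (last != "") print last }
    ' "$@"
}

# Classify the configuration: disabled (0), enabled (non-zero),
# unset (kernel default applies) or invalid (not a decimal number).
mmap_min_addr_status() {
    v=$(configured_mmap_min_addr "$@")
    case "$v" in
        "")        echo unset ;;
        *[!0-9]*)  echo invalid ;;
        *)         if [ "$v" -eq 0 ]; then echo disabled; else echo enabled; fi ;;
    esac
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# hardening on
vm.mmap_min_addr = 65536
; later override so an unprivileged dosemu user keeps working
vm/mmap_min_addr=0
EOF
echo "sample config: $(mmap_min_addr_status "$sample")"
```

On a live system, pass the real configuration files in the order they are loaded and compare the result with the running value in `/proc/sys/vm/mmap_min_addr`.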