I want to turn on a part of the kernel to make SELinux checking more stringent.
mjg59 at srcf.ucam.org
Mon Jan 27 04:36:11 UTC 2014
On Sun, Jan 26, 2014 at 08:38:25PM +0000, Richard W.M. Jones wrote:
> JONESFORTH, a public domain FORTH I wrote, is written in x86 assembler
> and prefers to put its threaded interpreter at address 0.
Can you change its preference? Permitting the mapping of executable code
at address 0 makes it much easier to exploit null pointer
vulnerabilities in the kernel. Recent (within the past few years…)
kernels will refuse to let you mmap stuff below 64K or so regardless of
SELinux policy, so this may break on other distributions as well.
Matthew Garrett | mjg59 at srcf.ucam.org
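
A check for the behaviour described in the message above, as an added example that is not part of the original post: it reads the `vm.mmap_min_addr` sysctl and asks the kernel for one inaccessible page at address 0, then reports whether the request was refused. The function names and verdict labels are chosen here for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Read vm.mmap_min_addr; returns -1 if the sysctl cannot be read. */
long read_mmap_min_addr(void)
{
    long v = -1;
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (!f)
        return -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* Ask for one PROT_NONE page at address 0. Returns 0 if the kernel
 * allowed it (the page is unmapped again), else the errno from mmap(). */
int probe_zero_page(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)0, len, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    munmap(p, len);
    return 0;
}

/* Labels are this example's own, not kernel or SELinux terminology. */
const char *verdict(long min_addr, int probe_errno)
{
    if (probe_errno == 0)
        return "EXPOSED";      /* page zero is mappable by this process */
    if (min_addr == 0)
        return "POLICY_ONLY";  /* refused, but the sysctl floor is disabled */
    return "PROTECTED";        /* refused */
}

int main(void)
{
    long min_addr = read_mmap_min_addr();
    int err = probe_zero_page();
    printf("vm.mmap_min_addr = %ld\n", min_addr);
    printf("mmap at 0: %s\n", err ? strerror(err) : "allowed");
    printf("verdict: %s\n", verdict(min_addr, err));
    return err == 0; /* non-zero exit status when page zero is mappable */
}
```

Run it as the unprivileged account a service uses; a privileged process may be allowed the mapping even where the floor is set.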