I want to turn on a part of the kernel to make SELinux checking more stringent.

Matthew Garrett mjg59 at srcf.ucam.org
Mon Jan 27 04:36:11 UTC 2014

On Sun, Jan 26, 2014 at 08:38:25PM +0000, Richard W.M. Jones wrote:

> JONESFORTH, a public domain FORTH I wrote, is written in x86 assembler
> and prefers to put its threaded interpreter at address 0.

Can you change its preference? Permitting the mapping of executable code 
at address 0 makes it much easier to exploit null pointer 
vulnerabilities in the kernel. Recent (within the past few years…) 
kernels will refuse to let you mmap stuff below 64K or so regardless of 
selinux policy, so this may break on other distributions as well.

Matthew Garrett | mjg59 at srcf.ucam.org

More information about the devel mailing list