)]}' { "log": [ { "commit": "4ae69e6b718589abe97c9625ccbb1e0bc95a8c0e", "tree": "b669aade412fd2a81af6c9a7c0bcee580c7b31cb", "parents": [ "6a251b0ab67989f468f4cb65179e0cf40cf8c295" ], "author": { "name": "Kees Cook", "email": "kees.cook@canonical.com", "time": "Thu Apr 22 12:19:17 2010 -0700" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 14 19:03:15 2010 +1000" }, "message": "mmap_min_addr check CAP_SYS_RAWIO only for write\n\nRedirecting directly to lsm, here\u0027s the patch discussed on lkml:\nhttp://lkml.org/lkml/2010/4/22/219\n\nThe mmap_min_addr value is useful information for an admin to see without\nbeing root (\"is my system vulnerable to kernel NULL pointer attacks?\") and\nits setting is trivially easy for an attacker to determine by calling\nmmap() in PAGE_SIZE increments starting at 0, so trying to keep it private\nhas no value.\n\nOnly require CAP_SYS_RAWIO if changing the value, not reading it.\n\nComment from Serge :\n\n Me, I like to write my passwords with light blue pen on dark blue\n paper, pasted on my window - if you\u0027re going to get my password, you\u0027re\n gonna get a headache.\n\nSigned-off-by: Kees Cook \u003ckees.cook@canonical.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n(cherry picked from commit 822cceec7248013821d655545ea45d1c6a9d15b3)\n" }, { "commit": "dd880fbe8e4792d1185a5101dc751f49eab0a509", "tree": "c72673ed9e20c1967becd4118c77476406370d05", "parents": [ "fa1cc7b5a5c4171dfdcac855428295340ccf87ec" ], "author": { "name": "H Hartley Sweeten", "email": "hartleys@visionengravers.com", "time": "Tue Dec 15 15:05:12 2009 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 17 09:24:22 2009 +1100" }, "message": "security/min_addr.c: make init_mmap_min_addr() static\n\ninit_mmap_min_addr() is a pure_initcall and should be static.\n\nSigned-off-by: H Hartley Sweeten \u003chsweeten@visionengravers.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "0e1a6ef2dea88101b056b6d9984f3325c5efced3", "tree": "bef312c242dd472ca00f0dc8bcebee4f094a85e3", "parents": [ "31bde71c202722a76686c3cf69a254c8a912275a" ], "author": { "name": "Kees Cook", "email": "kees.cook@canonical.com", "time": "Sun Nov 08 09:37:00 2009 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Nov 09 08:34:22 2009 +1100" }, "message": "sysctl: require CAP_SYS_RAWIO to set mmap_min_addr\n\nCurrently the mmap_min_addr value can only be bypassed during mmap when\nthe task has CAP_SYS_RAWIO. However, the mmap_min_addr sysctl value itself\ncan be adjusted to 0 if euid \u003d\u003d 0, allowing a bypass without CAP_SYS_RAWIO.\nThis patch adds a check for the capability before allowing mmap_min_addr to\nbe changed.\n\nSigned-off-by: Kees Cook \u003ckees.cook@canonical.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8d65af789f3e2cf4cfbdbf71a0f7a61ebcd41d38", "tree": "121df3bfffc7853ac6d2c514ad514d4a748a0933", "parents": [ "c0d0787b6d47d9f4d5e8bd321921104e854a9135" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Wed Sep 23 15:57:19 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Sep 24 07:21:04 2009 -0700" }, "message": "sysctl: remove \"struct file *\" argument of -\u003eproc_handler\n\nIt\u0027s unused.\n\nIt isn\u0027t needed -- read or write flag is already passed and sysctl\nshouldn\u0027t care about the rest.\n\nIt _was_ used in two places at arch/frv for some reason.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Ralf Baechle \u003cralf@linux-mips.org\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "788084aba2ab7348257597496befcbccabdc98a3", "tree": "2da42d746d67b16ef705229a1b5a3528ec19c725", "parents": [ "8cf948e744e0218af604c32edecde10006dc8e9e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jul 31 12:54:11 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 17 15:09:11 2009 +1000" }, "message": "Security/SELinux: seperate lsm specific mmap_min_addr\n\nCurrently SELinux enforcement of controls on the ability to map low memory\nis determined by the mmap_min_addr tunable. This patch causes SELinux to\nignore the tunable and instead use a seperate Kconfig option specific to how\nmuch space the LSM should protect.\n\nThe tunable will now only control the need for CAP_SYS_RAWIO and SELinux\npermissions will always protect the amount of low memory designated by\nCONFIG_LSM_MMAP_MIN_ADDR.\n\nThis allows users who need to disable the mmap_min_addr controls (usual reason\nbeing they run WINE as a non-root user) to do so and still have SELinux\ncontrols preventing confined domains (like a web server) from being able to\nmap some area of low memory.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" } ] }