Date: Fri, 09 Oct 2009 22:01:07 -0600
From: Theo de Raadt <deraadt@cvs.openbsd.org>
To: Luis Useche <useche@gmail.com>
cc: misc <misc@openbsd.org>
Subject: Re: mmap'ing to address 0x0

> I was reading some information that indicated that letting user
> process to map to address 0x0 can exploit some kernel NULL-pointer
> bugs. I checked how different operating systems mitigate this problem
> and I found information about Linux and FreeBSD. I was trying to find
> the same information for OpenBSD with no luck. Can anybody help me
> with this one?

We have been aware of the particular problem (which results from an
architectural decision made by some machines) for many years, and it
took us a long time to decide what to do. Eventually we decided to make
userland suffer. Unfortunately we only fixed it in the middle of last
year. Other platforms do not have this problem, since the kernel runs
in an un-shared address space.

CVSROOT:        /cvs
Module name:    src
Changes by:     deraadt@cvs.openbsd.org 2008/06/24 15:24:03

Modified files:
        sys/arch/alpha/include: vmparam.h
        sys/arch/amd64/include: vmparam.h
        sys/arch/arm/include: vmparam.h
        sys/arch/i386/include: vmparam.h
        sys/arch/sh/include: vmparam.h
        sys/arch/sparc/include: vmparam.h
        sys/arch/vax/include: vmparam.h
        sys/arch/sh/sh : trap.c

Log message:
On user/kernel shared page table machines, do not let processes map their
own page 0, as discussed with miod (and many others previously, including
art and toby). On sparc, make this __LDPGSZ because PAGE_SIZE is non-constant
ok miod tedu
Alexander Nasonov's shared items
Saturday, October 10, 2009
mmap'ing to address 0x0
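
As an added example (not part of the original message or of the OpenBSD source tree), a small C probe for checking a system against the behaviour the commit describes: it asks the kernel for page 0, reports whether the request was refused, and then looks for the lowest address below 1 MiB that is granted. The names maps_at and lowest_granted and the 1 MiB scan limit are choices made for this example.

```c
#define _DEFAULT_SOURCE   /* expose MAP_ANON under strict -std= on glibc */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANON
#define MAP_ANON MAP_ANONYMOUS
#endif

/* Returns 1 if a one-page PROT_NONE mapping landed exactly at addr, else 0.
 * Page 0 needs MAP_FIXED because a NULL hint means "anywhere"; higher pages
 * use a plain hint so an existing mapping is never replaced. The mapping is
 * removed again before returning. *err gets errno when mmap itself fails. */
static int maps_at(uintptr_t addr, size_t pg, int *err)
{
    int flags = MAP_PRIVATE | MAP_ANON | (addr == 0 ? MAP_FIXED : 0);
    void *p = mmap((void *)addr, pg, PROT_NONE, flags, -1, 0);

    *err = 0;
    if (p == MAP_FAILED) {
        *err = errno;
        return 0;
    }
    munmap(p, pg);
    return (uintptr_t)p == addr;
}

/* Lowest page-aligned address below limit where the kernel placed the
 * mapping as requested, or limit if it refused or relocated every one. */
static uintptr_t lowest_granted(uintptr_t limit, size_t pg)
{
    int err;
    for (uintptr_t a = 0; a < limit; a += pg)
        if (maps_at(a, pg, &err))
            return a;
    return limit;
}

int main(void)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    int err, zero = maps_at(0, pg, &err);

    printf("page 0: %s\n", zero ? "mappable (no page-0 protection)" : strerror(err));
    printf("lowest granted address below 1 MiB: 0x%lx\n",
           (unsigned long)lowest_granted((uintptr_t)1 << 20, pg));
    return zero;   /* non-zero exit status: page 0 could be mapped */
}
```

A relocated hint above page 0 can also mean the address was already in use, so the second figure is the lowest address the kernel honoured, not a direct reading of its configured minimum.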