author Eric Paris 2008-01-31 14:11:22 -0600
committer James Morris 2008-02-06 07:39:46 -0600
commit a5ecbcb8c13ea8a822d243bf782d0dc9525b4f84
tree 902df830bf581642a49bbb1e4f4de5b9f80eeaa1 /security/Kconfig
parent 551e4fb2465b87de9d4aa1669b27d624435443bb
security: allow Kconfig to set default mmap_min_addr protection

Since it was decided that low memory protection from userspace couldn't be turned on by default, add a Kconfig option to allow users/distros to set a default at compile time. This value is still tunable after boot in /proc/sys/vm/mmap_min_addr.

Discussion: http://www.mail-archive.com/linux-security-module@vger.kernel.org/msg02543.html

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

Diffstat (limited to 'security/Kconfig')
-rw-r--r-- security/Kconfig 18
1 files changed, 18 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index 25ffe1b9dc9..5dfc206748c 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -104,6 +104,24 @@ config SECURITY_ROOTPLUG
104 104
105 If you are unsure how to answer this question, answer N. 105 If you are unsure how to answer this question, answer N.
106 106
107config SECURITY_DEFAULT_MMAP_MIN_ADDR
108 int "Low address space to protect from user allocation"
109 depends on SECURITY
110 default 0
111 help
112 This is the portion of low virtual memory which should be protected
113 from userspace allocation. Keeping a user from writing to low pages
114 can help reduce the impact of kernel NULL pointer bugs.
115
116 For most users with lots of address space a value of 65536 is
117 reasonable and should cause no problems. Programs which use vm86
118 functionality would either need additional permissions from either
119 the LSM or the capabilities module or have this protection disabled.
120
121 This value can be changed after boot using the
122 /proc/sys/vm/mmap_min_addr tunable.
123
124
107source security/selinux/Kconfig 125source security/selinux/Kconfig
108source security/smack/Kconfig 126source security/smack/Kconfig
109 127
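
Review bot: The help text of the new SECURITY_DEFAULT_MMAP_MIN_ADDR entry does not say that the shipped `default 0` leaves the low-address protection switched off, nor that the value is a byte address; someone who accepts the default gets no protection even though the help recommends 65536. Suggest stating this in the help, for example with a sentence such as "A value of 0 disables this protection", and naming the unit next to the 65536 recommendation. Two smaller points: the sentence "would either need additional permissions from either the LSM or the capabilities module" uses "either" twice and reads more clearly with the first one dropped, and the hunk adds two blank lines before `source security/selinux/Kconfig` where the surrounding entries are separated by one.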