Change was in 2.6.23 kernel update, lines 18-21 of /etc/sysctl.conf.
Suggested vm.mmap_min_addr be changed back to zero for Intrepid, as functionality for non-technical users should be more important the protecting the lower 64kb of memory. The linux kernel has a good track record for security vulnerabilities and vulnerabilities exploiting a dereferenced NULL pointer are rare. This also affects hardware virtualisation.
# protect bottom 64k of memory from mmap to prevent NULL-dereference
# attacks against potential future kernel security vulnerabilities.
# (Added in kernel 2.6.23.)
vm.mmap_min_addr = 65536
Suggested change to:
# If enabled (set to 65536) will prevent userland from allocating
# more memory, which is more secure. However some features will
# break including dosemu, wine and hardware virtualisation.
vm.mmap_min_addr = 0
Finally I request this bug be moved to the ubuntu kernel, as it affects not only dosemu, but also wine, hardware virtualisation and an unknown number of other userland programs.
Change was in 2.6.23 kernel update, lines 18-21 of /etc/sysctl.conf.
Suggested vm.mmap_min_addr be changed back to zero for Intrepid, as functionality for non-technical users should be more important the protecting the lower 64kb of memory. The linux kernel has a good track record for security vulnerabilities and vulnerabilities exploiting a dereferenced NULL pointer are rare. This also affects hardware virtualisation.
This was discussed in the LKML (https:/ /kerneltrap. org/mailarchive /linux- kernel/ 2007/6/ 5/100078) and it was decided that min_addr=0 should be the default behavior so as not to break user-land by default.
Excerpt from /etc/sysctl.conf below:
# protect bottom 64k of memory from mmap to prevent NULL-dereference
# attacks against potential future kernel security vulnerabilities.
# (Added in kernel 2.6.23.)
vm.mmap_min_addr = 65536
Suggested change to:
# If enabled (set to 65536) will prevent userland from allocating
# more memory, which is more secure. However some features will
# break including dosemu, wine and hardware virtualisation.
vm.mmap_min_addr = 0
Finally I request this bug be moved to the ubuntu kernel, as it affects not only dosemu, but also wine, hardware virtualisation and an unknown number of other userland programs.