Comment 18 for bug 216398

Josh Leahy (jleahy) wrote : Re: dosemu segfaults on startup

Change was in 2.6.23 kernel update, lines 18-21 of /etc/sysctl.conf.

Suggested vm.mmap_min_addr be changed back to zero for Intrepid, as functionality for non-technical users should be more important than protecting the lower 64kb of memory. The Linux kernel has a good track record for security vulnerabilities and vulnerabilities exploiting a dereferenced NULL pointer are rare. This also affects hardware virtualisation.

This was discussed in the LKML (https://kerneltrap.org/mailarchive/linux-kernel/2007/6/5/100078) and it was decided that min_addr=0 should be the default behavior so as not to break user-land by default.

Excerpt from /etc/sysctl.conf below:

# protect bottom 64k of memory from mmap to prevent NULL-dereference
# attacks against potential future kernel security vulnerabilities.
# (Added in kernel 2.6.23.)
vm.mmap_min_addr = 65536

Suggested change to:

# If enabled (set to 65536) will prevent userland from allocating
# more memory, which is more secure. However some features will
# break including dosemu, wine and hardware virtualisation.
vm.mmap_min_addr = 0

Finally, I request this bug be moved to the Ubuntu kernel, as it affects not only dosemu, but also wine, hardware virtualisation and an unknown number of other userland programs.
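
An added example, not part of the original comment or of Ubuntu's tooling: a shell check that reports which vm.mmap_min_addr value a set of sysctl.conf-style files leaves in effect, since the last assignment wins and a later override can undo the 65536 setting quoted above. The function names and the sample file are constructed for illustration; the comment, `-` prefix and `/` separator handling follow procps sysctl.conf(5).

```shell
#!/bin/sh
# Print the vm.mmap_min_addr that the given sysctl.conf-style files leave
# in effect (files in load order; last assignment wins), or "unset".
effective_mmap_min_addr() {
    awk '
        /^[ \t]*([#;]|$)/ { next }        # comment (# or ;) or blank line
        {
            line = $0
            sub(/^[ \t]*-?/, "", line)     # "-" prefix: ignore-errors marker
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/[ \t]/, "", val)
            gsub(/\//, ".", key)           # vm/mmap_min_addr == vm.mmap_min_addr
            if (key == "vm.mmap_min_addr") found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$@"
}

# Classify the effective value against the 65536 (64 KiB) from the excerpt.
audit_mmap_min_addr() {
    v=$(effective_mmap_min_addr "$@")
    case $v in
        unset)        echo "unset: kernel default applies" ;;
        ''|*[!0-9]*)  echo "invalid: $v" ;;
        *) if [ "$v" -eq 0 ]; then echo "disabled: low pages mappable"
           elif [ "$v" -lt 65536 ]; then echo "partial: $v"
           else echo "protected: $v"; fi ;;
    esac
}

# Constructed sample: the shipped setting followed by a later override.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
# (Added in kernel 2.6.23.)
vm.mmap_min_addr = 65536
; constructed local override, written in the slash form
-vm/mmap_min_addr=0
EOF
audit_mmap_min_addr "$tmp"
rm -f "$tmp"
```

The files only describe what is applied at boot; the value the running kernel enforces is the one `sysctl -n vm.mmap_min_addr` prints.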