mmap_min_addr /proc entry not visible to regular users

Bug #568844 reported by Kees Cook
This bug affects 5 people
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Fix Released | Medium | Andy Whitcroft |
Lucid | Fix Released | Medium | Andy Whitcroft |
Tags: kj-triage
Jeremy Foshee (jeremyfoshee) wrote :

Hi Kees,

Please be sure to confirm this issue exists with the latest development release of Ubuntu. ISO CD images are available from http://cdimage.ubuntu.com/releases/ . If the issue remains, please run the following command from a Terminal (Applications->Accessories->Terminal). It will automatically gather and attach updated debug information to this report.

apport-collect -p linux 568844

Also, if you could test the latest upstream kernel available that would be great. It will allow additional upstream developers to examine the issue. Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Once you've tested the upstream kernel, please remove the 'needs-upstream-testing' tag. This can be done by clicking on the yellow pencil icon next to the tag located at the bottom of the bug description and deleting the 'needs-upstream-testing' text. Please let us know your results.

Thanks in advance.

    [This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]

tags: added: needs-kernel-logs
tags: added: needs-upstream-testing
tags: added: kj-triage
Changed in linux (Ubuntu):
status: New → Incomplete
Jeremy Foshee (jeremyfoshee) wrote :

Kees,
    I think it goes without saying, but please disregard the automated message above. :-)

~JFo

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
importance: Undecided → Medium
Kees Cook (kees)
Changed in linux (Ubuntu Lucid):
milestone: none → lucid-updates
Riku Voipio (riku-voipio) wrote :

This breaks qemu linux-user, as it reads this file to know where to mmap:

open("/proc/sys/vm/mmap_min_addr", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
read(3, 0x7f82b8f7b000, 1024) = -1 EPERM (Operation not permitted)
close(3) = 0
...
mmap(0x8000, 454656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = -1 EPERM (Operation not permitted)
write(4, "mmap: Operation not permitted\n", 30mmap: Operation not permitted
...
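
The trace above shows open() succeeding on the 0644 sysctl file while read() is the call that returns EPERM, so a reader has to check both steps. The following is an added example, not code from this report or from qemu: it reads the sysctl defensively and falls back to an assumed floor. The function names and the 65536 fallback (the value shown later in this report for a fixed kernel) are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/* Assumed fallback when the sysctl is unreadable (64 KiB); not a kernel guarantee. */
#define FALLBACK_MIN_ADDR 65536UL

/* Parse the sysctl text ("65536\n"). Returns 0 on success, -1 on junk or empty input. */
static int parse_min_addr(const char *text, unsigned long *out)
{
    char *end;
    errno = 0;
    unsigned long v = strtoul(text, &end, 10);
    if (errno != 0 || end == text || (*end != '\n' && *end != '\0'))
        return -1;
    *out = v;
    return 0;
}

/* Returns the lowest address to use for fixed mappings. *err is 0 on success,
 * otherwise the errno of the step that failed (open, read, or EINVAL for parse). */
static unsigned long read_mmap_min_addr(const char *path, int *err)
{
    char buf[64];
    unsigned long v = FALLBACK_MIN_ADDR;
    int fd = open(path, O_RDONLY);
    *err = 0;
    if (fd < 0) {
        *err = errno;
        return v;
    }
    ssize_t n = read(fd, buf, sizeof(buf) - 1);
    if (n < 0) {
        *err = errno;               /* EPERM here on the affected kernels */
    } else {
        buf[n] = '\0';
        if (parse_min_addr(buf, &v) != 0) *err = EINVAL;  /* v keeps fallback */
    }
    close(fd);
    return v;
}

int main(void)
{
    int err;
    unsigned long min_addr = read_mmap_min_addr("/proc/sys/vm/mmap_min_addr", &err);
    printf("mmap floor: %lu (errno %d)\n", min_addr, err);
    return 0;
}
```

A non-zero `err` with the fallback value tells the caller the floor is a guess, so a later MAP_FIXED failure with EPERM should be treated as "floor too low" rather than a fatal error.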

Andy Whitcroft (apw)
Changed in linux (Ubuntu Lucid):
assignee: nobody → Andy Whitcroft (apw)
Changed in linux (Ubuntu):
milestone: lucid-updates → later
milestone: later → none
assignee: nobody → Andy Whitcroft (apw)
Andy Whitcroft (apw)
tags: removed: needs-kernel-logs needs-upstream-testing
Changed in linux (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.34-1.6

---------------
linux (2.6.34-1.6) maverick; urgency=low

  [ Chase Douglas ]

  * enforce CONFIG_TMPFS_POSIX_ACL=y
    - LP: #575940
  * don't force module dependency checking
    - LP: #577029

  [ Kees Cook ]

  * SAUCE: mmap_min_addr check CAP_SYS_RAWIO only for write
    - LP: #568844

  [ Leann Ogasawara ]

  * Revert "SAUCE: ata: blacklist FUJITSU MHW2160BH PL"
  * rebase to v2.6.34-rc7
  * [Config] update configs following rebase to v2.6.34-rc7
  * [Config] update port configs following rebase to v2.6.34-rc7
  * Add btrfs to the udebs

  [ Tim Gardner ]

  * [Config] Add atl1c to nic-modules udeb
    - LP: #557130

  [ Upstream changes ]

  * rebased to v2.6.34-rc7

linux (2.6.34-1.5) UNRELEASED; urgency=low

  [ Leann Ogasawara ]

  * rebase to v2.6.34-rc6
  * [Config] update configs following rebase to v2.6.34-rc6
  * [Config] update port configs following rebase to v2.6.34-rc6

  [ Upstream changes ]

  * rebased to v2.6.34-rc6

linux (2.6.34-1.4) UNRELEASED; urgency=low

  [ Leann Ogasawara ]

  * rebase to v2.6.34-rc5
  * [Config] update ports configs following rebase to v2.6.34-rc5

  [ Upstream changes ]

  * rebased to v2.6.34-rc5

linux (2.6.34-1.3) UNRELEASED; urgency=low

  [ Leann Ogasawara ]

  * rebase to v2.6.34-rc4
  * [Config] update configs following rebase to v2.6.34-rc4
  * [Config] update port configs following rebase to v2.6.34-rc4
  * ubuntu: dm-raid4-5 -- update to compile with 2.6.34-rc4

  [ Upstream changes ]

  * rebased to v2.6.34-rc4

linux (2.6.34-1.2) UNRELEASED; urgency=low

  [ Leann Ogasawara ]

  * Temporarily disable building linux-doc
  * rebase to v2.6.34-rc3
  * [Config] update configs following rebase to v2.6.34-rc3
  * [Config] update port configs following rebase to v2.6.34-rc3

  [ Upstream changes ]

  * rebased to v2.6.34-rc3

linux (2.6.34-1.1) UNRELEASED; urgency=low

  [ Leann Ogasawara ]

  * rebase to v2.6.34-rc2
  * ubuntu: dm-raid4-5 -- update to compile with 2.6.34-rc2
  * [Config] update port configs following rebase to v2.6.34-rc2
  * [Config] update configs following rebase to v2.6.34-rc2

  [ Upstream changes ]

  * rebased to v2.6.34-rc2

linux (2.6.33-1.1) UNRELEASED; urgency=low

  [ Leann Ogasawara ]

  * ubuntu: dm-raid4-5 -- update to compile with 2.6.33
  * ubuntu: lirc -- drop explicit include of linux/autoconf.h
  * ubuntu: lirc -- pass kfifo to kfifo_alloc and move spinlock
  * ubuntu: lirc -- rename kfifo_put and kfifo_get
  * ubuntu: iscsitarget -- rename daddr inet_sock field
  * rebased to v2.6.33
  * [Config] update configs following rebase to v2.6.33
  * [Config] update ports configs following rebase to v2.6.33

  [ Upstream changes ]

  * rebased to v2.6.33
 -- Leann Ogasawara <email address hidden> Tue, 11 May 2010 11:29:08 +0200

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Marcell Lengyel (miketkf) wrote :

marcell@epia2:~$ uname -a
Linux epia2 2.6.32-24-386 #43-Ubuntu SMP Thu Sep 16 16:44:33 UTC 2010 i686 GNU/Linux
marcell@epia2:~$ cat /proc/sys/vm/mmap_min_addr
65536
marcell@epia2:~$ cat /etc/issue
Ubuntu 10.04.1 LTS \n \l
marcell@epia2:~$

So it seems to be fixed for Lucid in the latest kernel updates.

Andy Whitcroft (apw) wrote :

This was applied via a -stable update.

Changed in linux (Ubuntu Lucid):
status: Confirmed → Fix Released