You can check to see if you're on an affected system
by doing "cat /proc/sys/vm/mmap_min". If that succeeds, and its value
is nonzero, you're probably running into this.
To work around the problem temporarily, you can change this value
with the command
sudo sysctl -w vm.mmap_min_addr=0
but that value gets reset at boot. To work around the problem more
persistantly, also edit the file /etc/sysctl.conf like this:
# protect bottom 64k of memory from mmap to prevent NULL-dereference
# attacks against potential future kernel security vulnerabilities.
# (Added in kernel 2.6.23.)
-vm.mmap_min_addr = 65536
+vm.mmap_min_addr = 0
http://kerneltrap.org/Linux/2.4.36_Stable_Release suggests using
a value of 4096 for this.
"Advanced Windows", 3rd edition, says that the memory area 0 to 4095
is not mapped anyway in windows (it's a guard page).
So maybe when Wine is installed, we could somehow change that value
to 4096, and have Wine's preloader happily continue if it can't
map the bottom page of RAM.
For completeness, here's the summary I wrote in the dup bug:
The problem cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2008- 0600 vm/mmap_ min_addr MMAP_MIN_ ADDR to 64K from 0. /launchpad. net/bugs/ 114025 kerneltrap. org/Linux/ Patching_ CVE-2008- 0600_Local_ Root_Exploit kerneltrap. org/Linux/ 2.4.36_ Stable_ Release
http://
prompted distributions to raise the default for /proc/sys/
or even DEFAULT_
This causes the following error message when starting (some?) wine apps:
Problem with wine preloader: Warning: failed to reserve range
00000000-60000000
See discussion:
https:/
http://
http://
You can check to see if you're on an affected system vm/mmap_ min". If that succeeds, and its value
by doing "cat /proc/sys/
is nonzero, you're probably running into this.
To work around the problem temporarily, you can change this value
with the command
sudo sysctl -w vm.mmap_min_addr=0
but that value gets reset at boot. To work around the problem more
persistantly, also edit the file /etc/sysctl.conf like this:
# protect bottom 64k of memory from mmap to prevent NULL-dereference
# attacks against potential future kernel security vulnerabilities.
# (Added in kernel 2.6.23.)
-vm.mmap_min_addr = 65536
+vm.mmap_min_addr = 0
http:// kerneltrap. org/Linux/ 2.4.36_ Stable_ Release suggests using
a value of 4096 for this.
"Advanced Windows", 3rd edition, says that the memory area 0 to 4095
is not mapped anyway in windows (it's a guard page).
So maybe when Wine is installed, we could somehow change that value
to 4096, and have Wine's preloader happily continue if it can't
map the bottom page of RAM.