author | bz <bz@FreeBSD.org> | 2009-10-02 17:48:51 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2009-10-02 17:48:51 +0000 |
commit | bc660fe08f5a3fcc675457693dce1aa6f0f38e30 (patch) | |
tree | 844b39d4c1c05a1f873daf5952cdc516f114880a /sys/kern/init_main.c | |
parent | aba60457db3c753fc3a57a0cd5a47f32159e2815 (diff) | |
Add a mitigation feature that will prevent user mappings at
virtual address 0, limiting the ability to convert a kernel
NULL pointer dereference into a privilege escalation attack.
If the sysctl is set to 0 a newly started process will not be able
to map anything in the address range of the first page (0 to PAGE_SIZE).
This is the default. Already running processes are not affected by this.
You can either change the sysctl or the tunable from loader in case
you need to map at a virtual address of 0, for example when running
any of the extinct species of a set of a.out binaries, vm86 emulation, ..
In that case set security.bsd.map_at_zero="1".
Supersedes: r197537
In collaboration with: jhb, kib, alc
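A userland check for the mitigation the commit message describes, added here as an example (it is not part of this FreeBSD change or of the tree): it attempts a fixed mapping of the first page and reports whether the kernel allowed it. It assumes only POSIX mmap(2)/munmap(2) and takes the page size from sysconf(3) in place of the kernel's PAGE_SIZE.

```c
/* Added example, not part of the FreeBSD commit. Reports whether the calling
 * process may map the first page (0 .. PAGE_SIZE). On FreeBSD this is governed
 * by security.bsd.map_at_zero (the sysctl this commit introduces); other
 * systems have their own equivalent. A result of 1 means page zero is
 * mappable in this process, so a kernel NULL pointer dereference could land
 * on memory the process controls. */
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Returns 1 if page zero could be mapped (the mapping is released again),
 * 0 if the kernel refused, -1 if something unrelated went wrong. */
int probe_map_at_zero(void)
{
    long pagesize = sysconf(_SC_PAGESIZE);
    if (pagesize <= 0)
        return -1;

    /* MAP_FIXED matters: without it, address 0 is only a hint and the kernel
     * silently places the mapping elsewhere, so a non-MAP_FAILED result
     * would prove nothing about the mitigation. */
    void *p = mmap((void *)0, (size_t)pagesize, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) {
        /* EINVAL (FreeBSD, below vm_map_min), EPERM or ENOMEM are refusals. */
        return (errno == EINVAL || errno == EPERM || errno == ENOMEM) ? 0 : -1;
    }
    if (p != (void *)0) {
        /* Cannot happen with MAP_FIXED, but never trust the address blindly. */
        munmap(p, (size_t)pagesize);
        return -1;
    }
    munmap(p, (size_t)pagesize);
    return 1;
}

int main(void)
{
    int r = probe_map_at_zero();
    if (r < 0)
        perror("mmap probe failed unexpectedly");
    else
        printf("page zero mappable: %s\n",
               r ? "yes (mitigation off)" : "no (mitigation on)");
    return r < 0 ? 2 : 0;
}
```

On a FreeBSD system with this commit, the expected output for a process started after boot with the default security.bsd.map_at_zero=0 is "no (mitigation on)"; setting the sysctl or loader tunable to 1 flips it for newly started processes only.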
Diffstat (limited to 'sys/kern/init_main.c')
-rw-r--r-- | sys/kern/init_main.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/kern/init_main.c b/sys/kern/init_main.c index 2c1b4cf..0af22fa 100644 --- a/sys/kern/init_main.c +++ b/sys/kern/init_main.c @@ -505,6 +505,11 @@ proc0_init(void *dummy __unused) pmap_pinit0(vmspace_pmap(&vmspace0)); p->p_vmspace = &vmspace0; vmspace0.vm_refcnt = 1; + + /* + * proc0 is not expected to enter usermode, so there is no special + * handling for sv_minuser here, like is done for exec_new_vmspace(). + */ vm_map_init(&vmspace0.vm_map, p->p_sysent->sv_minuser, p->p_sysent->sv_maxuser); vmspace0.vm_map.pmap = vmspace_pmap(&vmspace0); |
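Review bot: the new comment in proc0_init() says why sv_minuser is passed through unadjusted, but it leaves the safety argument implicit: the unadjusted lower bound in vmspace0 is harmless only because every process that does reach usermode gets its map through exec_new_vmspace(), which the comment names as the place with the special handling. Consider spelling that dependency out in the comment, e.g. "any process that execs gets a fresh map via exec_new_vmspace(), which applies the map_at_zero adjustment", so a future reader does not take "not expected to enter usermode" as an enforced invariant rather than an assumption about proc0.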