mmap_min_addr /proc entry not visible to regular users

Bug #568844 reported by Kees Cook
This bug affects 5 people
Affects         Status        Importance  Assigned to     Milestone
linux (Ubuntu)  Fix Released  Medium      Andy Whitcroft
Lucid           Fix Released  Medium      Andy Whitcroft
Tags: kj-triage
Jeremy Foshee (jeremyfoshee) wrote :

Hi Kees,

Please be sure to confirm this issue exists with the latest development release of Ubuntu. ISO CD images are available from http://cdimage.ubuntu.com/releases/ . If the issue remains, please run the following command from a Terminal (Applications->Accessories->Terminal). It will automatically gather and attach updated debug information to this report.

apport-collect -p linux 568844

Also, if you could test the latest upstream kernel available that would be great. It will allow additional upstream developers to examine the issue. Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Once you've tested the upstream kernel, please remove the 'needs-upstream-testing' tag. This can be done by clicking on the yellow pencil icon next to the tag located at the bottom of the bug description and deleting the 'needs-upstream-testing' text. Please let us know your results.

Thanks in advance.

    [This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]

tags: added: needs-kernel-logs
tags: added: needs-upstream-testing
tags: added: kj-triage
Changed in linux (Ubuntu):
status: New → Incomplete
Jeremy Foshee (jeremyfoshee) wrote :

Kees,
    I think it goes without saying, but please disregard the automated message above. :-)

~JFo

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
importance: Undecided → Medium
Kees Cook (kees)
Changed in linux (Ubuntu Lucid):
milestone: none → lucid-updates
Riku Voipio (riku-voipio) wrote :

This breaks qemu linux-user, as it reads this file to know where to mmap:

open("/proc/sys/vm/mmap_min_addr", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
read(3, 0x7f82b8f7b000, 1024) = -1 EPERM (Operation not permitted)
close(3) = 0
...
mmap(0x8000, 454656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = -1 EPERM (Operation not permitted)
write(4, "mmap: Operation not permitted\n", 30mmap: Operation not permitted
...
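
The failure in the trace above (open() succeeds, read() returns EPERM) can be handled by a userspace reader as follows. This is an added example, not code from QEMU or from this bug report; the function names and the 65536 fallback are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Assumed fallback when the sysctl cannot be read (not a kernel constant). */
#define FALLBACK_MIN_ADDR 65536UL

/* Parse the sysctl text ("65536\n"); 0 on success, -1 on malformed input. */
int parse_min_addr(const char *text, unsigned long *out)
{
    char *end;
    if (text[0] < '0' || text[0] > '9') return -1; /* rejects "", "-1", " 1" */
    errno = 0;
    unsigned long v = strtoul(text, &end, 10);
    if (errno != 0 || (*end != '\n' && *end != '\0')) return -1;
    *out = v;
    return 0;
}

/* 0 on success, negative errno on failure. open() succeeding proves nothing:
 * in the trace above the file is 0644, open() works and read() returns EPERM. */
int read_min_addr(const char *path, unsigned long *out)
{
    char buf[32];
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -errno;
    ssize_t n = read(fd, buf, sizeof(buf) - 1);
    int saved = errno;              /* close() may overwrite errno */
    close(fd);
    if (n < 0) return -saved;
    buf[n] = '\0';
    return parse_min_addr(buf, out) == 0 ? 0 : -EINVAL;
}

/* Lowest address to request; the caller must still handle mmap() failing
 * with EPERM, since the real limit may be above the fallback. */
unsigned long lowest_map_addr(const char *path)
{
    unsigned long v;
    return read_min_addr(path, &v) == 0 ? v : FALLBACK_MIN_ADDR;
}

int main(void)
{
    printf("%lu\n", lowest_map_addr("/proc/sys/vm/mmap_min_addr"));
    return 0;
}
```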

Andy Whitcroft (apw)
Changed in linux (Ubuntu Lucid):
assignee: nobody → Andy Whitcroft (apw)
Changed in linux (Ubuntu):
milestone: lucid-updates → later
milestone: later → none
assignee: nobody → Andy Whitcroft (apw)
Andy Whitcroft (apw)
tags: removed: needs-kernel-logs needs-upstream-testing
Changed in linux (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.34-1.6

---------------
linux (2.6.34-1.6) maverick; urgency=low

  [ Chase Douglas ]

  * enforce CONFIG_TMPFS_POSIX_ACL=y
    - LP: #575940
  * don't force module dependency checking
    - LP: #577029

  [ Kees Cook ]

  * SAUCE: mmap_min_addr check CAP_SYS_RAWIO only for write
    - LP: #568844

  [ Leann Ogasawara ]

  * Revert "SAUCE: ata: blacklist FUJITSU MHW2160BH PL"
  * rebase to v2.6.34-rc7
  * [Config] update configs following rebase to v2.6.34-rc7
  * [Config] update port configs following rebase to v2.6.34-rc7
  * Add btrfs to the udebs

  [ Tim Gardner ]

  * [Config] Add atl1c to nic-modules udeb
    - LP: #557130

  [ Upstream changes ]

  * rebased to v2.6.34-rc7

linux (2.6.34-1.5) UNRELEASED; urgency=low

  [ Leann Ogasawara ]

  * rebase to v2.6.34-rc6
  * [Config] update configs following rebase to v2.6.34-rc6
  * [Config] update port configs following rebase to v2.6.34-rc6

  [ Upstream changes ]

  * rebased to v2.6.34-rc6

linux (2.6.34-1.4) UNRELEASED; urgency=low

  [ Leann Ogasawara ]

  * rebase to v2.6.34-rc5
  * [Config] update ports configs following rebase to v2.6.34-rc5

  [ Upstream changes ]

  * rebased to v2.6.34-rc5

linux (2.6.34-1.3) UNRELEASED; urgency=low

  [ Leann Ogasawara ]

  * rebase to v2.6.34-rc4
  * [Config] update configs following rebase to v2.6.34-rc4
  * [Config] update port configs following rebase to v2.6.34-rc4
  * ubuntu: dm-raid4-5 -- update to compile with 2.6.34-rc4

  [ Upstream changes ]

  * rebased to v2.6.34-rc4

linux (2.6.34-1.2) UNRELEASED; urgency=low

  [ Leann Ogasawara ]

  * Temporarily disable building linux-doc
  * rebase to v2.6.34-rc3
  * [Config] update configs following rebase to v2.6.34-rc3
  * [Config] update port configs following rebase to v2.6.34-rc3

  [ Upstream changes ]

  * rebased to v2.6.34-rc3

linux (2.6.34-1.1) UNRELEASED; urgency=low

  [ Leann Ogasawara ]

  * rebase to v2.6.34-rc2
  * ubuntu: dm-raid4-5 -- update to compile with 2.6.34-rc2
  * [Config] update port configs following rebase to v2.6.34-rc2
  * [Config] update configs following rebase to v2.6.34-rc2

  [ Upstream changes ]

  * rebased to v2.6.34-rc2

linux (2.6.33-1.1) UNRELEASED; urgency=low

  [ Leann Ogasawara ]

  * ubuntu: dm-raid4-5 -- update to compile with 2.6.33
  * ubuntu: lirc -- drop explicit include of linux/autoconf.h
  * ubuntu: lirc -- pass kfifo to kfifo_alloc and move spinlock
  * ubuntu: lirc -- rename kfifo_put and kfifo_get
  * ubuntu: iscsitarget -- rename daddr inet_sock field
  * rebased to v2.6.33
  * [Config] update configs following rebase to v2.6.33
  * [Config] update ports configs following rebase to v2.6.33

  [ Upstream changes ]

  * rebased to v2.6.33
 -- Leann Ogasawara <email address hidden> Tue, 11 May 2010 11:29:08 +0200

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Marcell Lengyel (miketkf) wrote :

marcell@epia2:~$ uname -a
Linux epia2 2.6.32-24-386 #43-Ubuntu SMP Thu Sep 16 16:44:33 UTC 2010 i686 GNU/Linux
marcell@epia2:~$ cat /proc/sys/vm/mmap_min_addr
65536
marcell@epia2:~$ cat /etc/issue
Ubuntu 10.04.1 LTS \n \l
marcell@epia2:~$

So it seems to be fixed for Lucid in the latest kernel updates.

Andy Whitcroft (apw) wrote :

This was applied via a -stable update.

Changed in linux (Ubuntu Lucid):
status: Confirmed → Fix Released