Current-Users archive


HEADS UP: user address 0 mapping disabled

Hi -

as you might remember from some press coverage and
discussion at the end of last year, allowing a userspace
program to map virtual address 0 is a security
risk on some CPU architectures. i386 and amd64 are
The risk is that it allows injecting code or data
into the kernel address space, at the kernel's
virtual address 0. It still needs a kernel bug
which makes it access code or data at NULL.
While I'm not aware of one, it is highly likely
that it exists, just because there is nothing like
100% correct code.

So I've just changed the kernel to disallow user
mappings of address 0 in the default case. This
affects use of mmap() and execution of binaries
which want to load text or data into the first
page. Native NetBSD code is not affected, so in
all common use cases the system should work
as before.
Programs which make use of the i386's "VM86"
mode (DOS emulators), and binary emulations for
ancient object formats might stop working.

If it is needed (and the risk is understood),
address 0 mappings can be allowed, in two ways:
- at kernel build time, by a config option
- at runtime, by setting the sysctl flag
  "vm.user_va0_disable" to 0
  (this can't be done at securelevel > 0)

I hope this doesn't cause unexpected trouble.
Please report if you see problems.

best regards

