Debian 4.0 and mmap_min_addr null pointer dereference flaw

Hello all,

I see that there is another null pointer dereference flaw being talked about.
http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

It looks like we can take steps in Debian 5.0 to mitigate this threat by setting

vm.mmap_min_addr = 4096

per http://wiki.debian.org/mmap_min_addr

I am running some servers running Debian 4.0. It doesn't look like there is a /etc/sysctl.d/mmap_min_addr.conf to edit. Where are these values stored under Debian 4.0?

What is the right way to proceed? Should I be looking at upgrading my servers?

Thanks!

John

--
To UNSUBSCRIBE, email to debian-security-REQUEST@... with a subject of "unsubscribe". Trouble? Contact listmaster@...
Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw

On Wed, Nov 04, 2009 at 09:05:20AM -0800, john wrote:
> I see that there is another null pointer dereference flaw being talked about.
> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
>
> It looks like we can take steps in Debian 5.0 to mitigate this threat by setting
> vm.mmap_min_addr = 4096
>
> per http://wiki.debian.org/mmap_min_addr
>
> I am running some servers running Debian 4.0. It doesn't look like
> there is a /etc/sysctl.d/mmap_min_addr.conf to edit. Where are these
> values stored under Debian 4.0?
>
> What is the right way to proceed? Should I be looking at upgrading my servers?

The mmap_min_addr tunable was not introduced until after 2.6.18, which is the default etch kernel. I am using the 'etchnhalf' kernel (linux-image-2.6.24-etchnhalf*) on an etch machine, partly since it offers this protection.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw

On Wed, Nov 04, 2009 at 09:05:20AM -0800, john wrote:
> Hello all,
>
> I see that there is another null pointer dereference flaw being talked about.
> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
>
> It looks like we can take steps in Debian 5.0 to mitigate this threat by setting
> vm.mmap_min_addr = 4096
>
> per http://wiki.debian.org/mmap_min_addr
>
> I am running some servers running Debian 4.0. It doesn't look like
> there is a /etc/sysctl.d/mmap_min_addr.conf to edit. Where are these
> values stored under Debian 4.0?

There isn't a pre-existing mmap_min_addr.conf, you need to create it. You can view the current value in /proc:

# cat /proc/sys/vm/mmap_min_addr

> What is the right way to proceed? Should I be looking at upgrading my servers?
>
> Thanks!
>
> John

--
dann frazier
Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw

On Wed, Nov 4, 2009 at 9:15 AM, Dominic Hargreaves <dom@...> wrote:
> On Wed, Nov 04, 2009 at 09:05:20AM -0800, john wrote:
>> I see that there is another null pointer dereference flaw being talked about.
>> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
>>
>> It looks like we can take steps in Debian 5.0 to mitigate this threat by setting
>> vm.mmap_min_addr = 4096
>>
>> per http://wiki.debian.org/mmap_min_addr
>>
>> I am running some servers running Debian 4.0. It doesn't look like
>> there is a /etc/sysctl.d/mmap_min_addr.conf to edit. Where are these
>> values stored under Debian 4.0?
>>
>> What is the right way to proceed? Should I be looking at upgrading my servers?
>
> The mmap_min_addr tunable was not introduced until after 2.6.18,
> which is the default etch kernel. I am using the 'etchnhalf' kernel
> (linux-image-2.6.24-etchnhalf*) on an etch machine, partly since it
> offers this protection.
>

Thanks Dominic,

So would

sudo apt-get install linux-image-2.6.24-etchnhalf.1-686

be the right approach here?

John

> --
> Dominic Hargreaves | http://www.larted.org.uk/~dom/
> PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw

Quoting john (lists.john@...):

> I see that there is another null pointer dereference flaw being talked about.
> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
>
> It looks like we can take steps in Debian 5.0 to mitigate this threat by setting
> vm.mmap_min_addr = 4096
>
> per http://wiki.debian.org/mmap_min_addr
>
> I am running some servers running Debian 4.0. It doesn't look like
> there is a /etc/sysctl.d/mmap_min_addr.conf to edit. Where are these
> values stored under Debian 4.0?

John, I believe you can/should just put

vm.mmap_min_addr = 4096

at the bottom of /etc/sysctl.conf, and then re-run (as root) "sysctl -p" to load values from that file. You can verify that the appropriate /proc value has been set by doing

cat /proc/sys/vm/mmap_min_addr

Should now be "4096", rather than the distro default of "0".

As you know, BitBake, dosemu (run by non-root users), WINE (if running Win16 apps), and qemu are the applications thus far identified that need to be able to mmap to low memory addresses, necessitating low vm.mmap_min_addr AKA /proc/sys/vm/mmap_min_addr values.
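The check the thread describes (read /proc/sys/vm/mmap_min_addr, compare against 4096, and note that an etch 2.6.18 kernel has no such file at all, so only a kernel upgrade helps there), written up as a small audit script. This is an added example, not code from the list posters or from Debian; the file path argument and the function names are assumptions introduced so it can be exercised against constructed files without touching the real system.

```shell
#!/bin/sh
# Audit helper for the vm.mmap_min_addr mitigation discussed in the thread.
# Added example; assumes the tunable lives at /proc/sys/vm/mmap_min_addr
# unless a different path is passed in (used for testing against constructed files).

MIN_SAFE=4096   # value the Debian wiki and the thread recommend

# current_mmap_min_addr [FILE]: print the tunable's value; return 1 if the
# file is absent (kernels before the tunable existed, e.g. etch's 2.6.18),
# in which case sysctl cannot help and the kernel itself must be upgraded.
current_mmap_min_addr() {
    f="${1:-/proc/sys/vm/mmap_min_addr}"
    [ -r "$f" ] || return 1
    cat "$f"
}

# is_protected VALUE: succeed only if VALUE is a number >= MIN_SAFE.
is_protected() {
    [ "$1" -ge "$MIN_SAFE" ] 2>/dev/null
}

# assess [FILE]: print MISSING, "WEAK <value>" or "OK <value>";
# exit status 2 = tunable absent, 1 = set too low (distro default is 0), 0 = fine.
assess() {
    v=$(current_mmap_min_addr "$1") || { echo "MISSING"; return 2; }
    if is_protected "$v"; then echo "OK $v"; return 0; fi
    echo "WEAK $v"; return 1
}

# sysctl_line: the line to append to /etc/sysctl.conf or to put in a new
# /etc/sysctl.d/mmap_min_addr.conf, followed by "sysctl -p" as root.
sysctl_line() {
    echo "vm.mmap_min_addr = $MIN_SAFE"
}

# Demo against a constructed file so nothing on the host is modified.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp); echo 0 > "$tmp"     # constructed: mimics the distro default of 0
    assess "$tmp"; rm -f "$tmp"
    assess /nonexistent/mmap_min_addr  # constructed: mimics a pre-tunable kernel
fi
```

Run it with `--demo` to see the WEAK and MISSING outcomes on constructed input, or with no arguments and call `assess` from another script against the live /proc file.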
Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw

On Wed, Nov 04, 2009 at 09:24:55AM -0800, john wrote:
> On Wed, Nov 4, 2009 at 9:15 AM, Dominic Hargreaves <dom@...> wrote:
> > On Wed, Nov 04, 2009 at 09:05:20AM -0800, john wrote:
> >> I see that there is another null pointer dereference flaw being talked about.
> >> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
> >>
> >> It looks like we can take steps in Debian 5.0 to mitigate this threat by setting
> >> vm.mmap_min_addr = 4096
> >>
> >> per http://wiki.debian.org/mmap_min_addr
> >>
> >> I am running some servers running Debian 4.0. It doesn't look like
> >> there is a /etc/sysctl.d/mmap_min_addr.conf to edit. Where are these
> >> values stored under Debian 4.0?
> >>
> >> What is the right way to proceed? Should I be looking at upgrading my servers?
> >
> > The mmap_min_addr tunable was not introduced until after 2.6.18,
> > which is the default etch kernel. I am using the 'etchnhalf' kernel
> > (linux-image-2.6.24-etchnhalf*) on an etch machine, partly since it
> > offers this protection.
> >
> Thanks Dominic,
>
> So would
>
> sudo apt-get install linux-image-2.6.24-etchnhalf.1-686
>
> be the right approach here?

A combination of that and the mmap_min_addr.conf file would do the trick.

--
dann frazier
Re: Debian 4.0 and mmap_min_addr null pointer dereference flaw

On Wed, Nov 04, 2009 at 09:24:55AM -0800, john wrote:
> On Wed, Nov 4, 2009 at 9:15 AM, Dominic Hargreaves <dom@...> wrote:
> > The mmap_min_addr tunable was not introduced until after 2.6.18,
> > which is the default etch kernel. I am using the 'etchnhalf' kernel
> > (linux-image-2.6.24-etchnhalf*) on an etch machine, partly since it
> > offers this protection.
> So would
>
> sudo apt-get install linux-image-2.6.24-etchnhalf.1-686
>
> be the right approach here?

Assuming you would normally run a 686 flavour kernel, yes. Note that you would have to check that your hardware was compatible with 2.6.24. See http://www.debian.org/releases/etch/etchnhalf for more details and limitations of this approach.

Note also that as with any security-related advice, don't just trust what I say; do some independent research to validate my claims. I take no responsibility for the security of your system by offering this advice.

Cheers,
Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)