Set vm.mmap_min_addr to 4096 to block a security problem.

author Arne Fitzenreiter <arne_f@ipfire.org>

Wed, 4 Nov 2009 17:48:38 +0000 (18:48 +0100)

committer Arne Fitzenreiter <arne_f@ipfire.org>

Wed, 4 Nov 2009 17:48:38 +0000 (18:48 +0100)
author Arne Fitzenreiter <arne_f@ipfire.org>
Wed, 4 Nov 2009 17:48:38 +0000 (18:48 +0100)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Wed, 4 Nov 2009 17:48:38 +0000 (18:48 +0100)
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf

index f88ec5f7a3824f36235f575527f500866623af43..8855e3206e4b8ded1b161cd3ca26aa3abf064657 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -23,3 +23,4 @@ net.ipv4.conf.all.log_martians = 1
  
  kernel.printk = 1 4 1 7
  vm.swappiness=0
+vm.mmap_min_addr = 4096
diff --git a/config/rootfiles/core/33/update.sh b/config/rootfiles/core/33/update.sh

index 08c886d416eae49e19b33b31635bf9940aa9d35a..582e30837ed6ce60e393898e8e5e8b5a56096962 100644 (file)
--- a/config/rootfiles/core/33/update.sh
+++ b/config/rootfiles/core/33/update.sh
@@ -25,12 +25,16 @@
  /usr/local/bin/backupctrl exclude >/dev/null 2>&1
  #
  #Stop services
-
+#
+#Set vm.mmap_min_addr to block a kernel security hole
+grep -v "vm.mmap_min_addr" /etc/sysctl.conf > /var/tmp/sysctl.conf.tmp
+echo "vm.mmap_min_addr = 4096" >> /var/tmp/sysctl.conf.tmp
+mv /var/tmp/sysctl.conf.tmp /etc/sysctl.conf
+sysctl -w vm.mmap_min_addr="4096"
  #
  extract_files
  #
  #Start services
-
  #
  #Update Language cache
  perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
author	Arne Fitzenreiter <arne_f@ipfire.org>
	Wed, 4 Nov 2009 17:48:38 +0000 (18:48 +0100)
committer	Arne Fitzenreiter <arne_f@ipfire.org>
	Wed, 4 Nov 2009 17:48:38 +0000 (18:48 +0100)
config/etc/sysctl.conf		patch \| blob \| blame \| history
config/rootfiles/core/33/update.sh		patch \| blob \| blame \| history