From dc931fbac742edd2963118cb1e3203baa0e4d56c Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Wed, 4 Nov 2009 18:48:38 +0100
Subject: [PATCH 1/1] Set vm.mmap_min_addr to 4096 to block a security problem.
---
 config/etc/sysctl.conf | 1 +
 config/rootfiles/core/33/update.sh | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index f88ec5f7a3..8855e3206e 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -23,3 +23,4 @@ net.ipv4.conf.all.log_martians = 1
 kernel.printk = 1 4 1 7
 vm.swappiness=0
+vm.mmap_min_addr = 4096
diff --git a/config/rootfiles/core/33/update.sh b/config/rootfiles/core/33/update.sh
index 08c886d416..582e30837e 100644
--- a/config/rootfiles/core/33/update.sh
+++ b/config/rootfiles/core/33/update.sh
@@ -25,12 +25,16 @@
 /usr/local/bin/backupctrl exclude >/dev/null 2>&1
 #
 #Stop services
-
+#
+#Set vm.mmap_min_addr to block a kernel security hole
+grep -v "vm.mmap_min_addr" /etc/sysctl.conf > /var/tmp/sysctl.conf.tmp
+echo "vm.mmap_min_addr = 4096" >> /var/tmp/sysctl.conf.tmp
+mv /var/tmp/sysctl.conf.tmp /etc/sysctl.conf
+sysctl -w vm.mmap_min_addr="4096"
 #
 extract_files
 #
 #Start services
-
 #
 #Update Language cache
 perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
-- 
2.39.2
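Review bot: The block added to update.sh stages the rewritten file at the fixed path `/var/tmp/sysctl.conf.tmp`, a predictable name in a world-writable directory, while the script presumably runs as root; a file or symlink already present at that path would be written through by the `>` redirect. The four commands are also unchained, so if the `grep` or `echo` write is cut short (a full `/var`, for instance) the `mv` still replaces `/etc/sysctl.conf` with a truncated copy and the other settings in it are lost. Editing in place keeps the temporary file inside `/etc` and stops on the first failure: `sed -i '/vm\.mmap_min_addr/d' /etc/sysctl.conf && echo "vm.mmap_min_addr = 4096" >> /etc/sysctl.conf`. The result of `sysctl -w` is not checked either, so a kernel that rejects the key would leave the running system unprotected without any trace; logging a failure there would make that visible.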