[Bug 19732] New: Security: use CAP_SYS_RAWIO during start up to map the memory below mmap_min_addr instead of permanently lowering it at install time
wine-bugs at winehq.org
wine-bugs at winehq.org
Fri Aug 14 20:25:56 CDT 2009
http://bugs.winehq.org/show_bug.cgi?id=19732
Summary: Security: use CAP_SYS_RAWIO during start up to map the
memory below mmap_min_addr instead of permanently
lowering it at install time
Product: Wine
Version: 1.1.21
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs at winehq.org
ReportedBy: scott at open-vote.org
Background:
In order to work around the mmap_min_addr setting introduced a while back that
breaks Wine, many Wine packages now install conf files to /etc/sysctl.d/ that
disable mmap_min_addr entirely. This reduces security of the system, as any
kernel null pointer dereference bug can root the machine. One such bug was
found to be open for 8 years.
This launchpad bug gives hints at what we need to do to implement this within
Wine properly.
----
More information about the wine-bugs
mailing list