From bf82e813110207d11bf494fd3aae7ee8fe253e0b Mon Sep 17 00:00:00 2001 From: Dirk Müller Date: Apr 14 2022 22:42:02 +0000 Subject: Update config files. set CONFIG_LSM_MMAP_MIN_ADDR according to upstream default to 32768/65536 to have a minimum protection against null pointer vulnerabilities. This was previously set to 0 to enable dosemu, but dosemu no longer requires that setting, especially not on non-x86. --- diff --git a/config/arm64/vanilla b/config/arm64/vanilla index 06550d0..672c5e4 100644 --- a/config/arm64/vanilla +++ b/config/arm64/vanilla @@ -11469,7 +11469,7 @@ CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y -CONFIG_LSM_MMAP_MIN_ADDR=0 +CONFIG_LSM_MMAP_MIN_ADDR=32768 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set diff --git a/config/armv6hl/vanilla b/config/armv6hl/vanilla index 1b78b2e..1f463d4 100644 --- a/config/armv6hl/vanilla +++ b/config/armv6hl/vanilla @@ -8041,7 +8041,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y -CONFIG_LSM_MMAP_MIN_ADDR=0 +CONFIG_LSM_MMAP_MIN_ADDR=32768 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set diff --git a/config/armv7hl/vanilla b/config/armv7hl/vanilla index dc2d993..e38c03a 100644 --- a/config/armv7hl/vanilla +++ b/config/armv7hl/vanilla @@ -11305,7 +11305,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y -CONFIG_LSM_MMAP_MIN_ADDR=0 +CONFIG_LSM_MMAP_MIN_ADDR=32768 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set diff --git a/config/i386/vanilla b/config/i386/vanilla index ec4e664..c95829f 100644 --- a/config/i386/vanilla +++ b/config/i386/vanilla @@ -10068,7 +10068,7 @@ CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y CONFIG_INTEL_TXT=y -CONFIG_LSM_MMAP_MIN_ADDR=0 +CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_FORTIFY_SOURCE=y diff --git a/config/ppc64/vanilla b/config/ppc64/vanilla index 26f3e45..b7ceef9 100644 --- a/config/ppc64/vanilla +++ b/config/ppc64/vanilla @@ -7919,7 +7919,7 @@ CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y -CONFIG_LSM_MMAP_MIN_ADDR=0 +CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_FORTIFY_SOURCE=y diff --git a/config/ppc64le/vanilla b/config/ppc64le/vanilla index abd7491..8e7b84f 100644 --- a/config/ppc64le/vanilla +++ b/config/ppc64le/vanilla @@ -7768,7 +7768,7 @@ CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y -CONFIG_LSM_MMAP_MIN_ADDR=0 +CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_FORTIFY_SOURCE=y diff --git a/config/riscv64/vanilla b/config/riscv64/vanilla index 7739137..2bfaf90 100644 --- a/config/riscv64/vanilla +++ b/config/riscv64/vanilla @@ -8818,7 +8818,7 @@ CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y -CONFIG_LSM_MMAP_MIN_ADDR=0 +CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_FORTIFY_SOURCE=y diff --git a/config/s390x/vanilla b/config/s390x/vanilla index 3eaf8d1..4f86c56 100644 --- a/config/s390x/vanilla +++ b/config/s390x/vanilla @@ -3905,7 +3905,7 @@ CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y -CONFIG_LSM_MMAP_MIN_ADDR=0 +CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_FORTIFY_SOURCE=y diff --git a/config/x86_64/vanilla b/config/x86_64/vanilla index ffc8a22..97191ac 100644 --- a/config/x86_64/vanilla +++ b/config/x86_64/vanilla @@ -9999,7 +9999,7 @@ CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y CONFIG_INTEL_TXT=y -CONFIG_LSM_MMAP_MIN_ADDR=0 +CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_FORTIFY_SOURCE=y