Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

64-bit ARM MMAP_MIN_ADDR recommendation should be based on whether CONFIG_COMPAT is enabled #175

Open
thestinger opened this issue Jan 13, 2025 · 0 comments
Open

64-bit ARM MMAP_MIN_ADDR recommendation should be based on whether CONFIG_COMPAT is enabled #175

thestinger opened this issue Jan 13, 2025 · 0 comments

Comments

@thestinger
Copy link

This is meant to be 32768 not only on 32-bit ARM but also 64-bit ARM when 32-bit process compatibility is enabled. It should check for 32-bit compatibility and make the recommendation based on it. There's already a recommendation to disable 32-bit support for attack surface reduction and being able to raise MMAP_MIN_ADDR one a tiny, largely insignificant side benefit.

Here's a relevant snippet from security/Kconfig:

config LSM_MMAP_MIN_ADDR
	int "Low address space for LSM to protect from user allocation"
	depends on SECURITY && SECURITY_SELINUX
	default 32768 if ARM || (ARM64 && COMPAT)
	default 65536
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@thestinger