The upstream fix was:
https://lkml.org/lkml/2015/7/26/39
This backport fix for setting a safe LIST_POISON value was implemented in
PaX/Grsecurity in the 1st place. Then we realized PaX team and Spender
are right until CVE-2015-3636:
http://www.openwall.com/lists/oss-security/2015/05/02/11
"The current poison pointer values of LIST_POISON{1,2} might be
too big for mmap_min_addr values equal or less than 1 MB (common case,
e.g. Ubuntu uses only 0x10000). There is little point to use such a big
value given the "poison pointer space" below 1 MB is not yet exhausted.
Changing it to a smaller value solves the problem for small
mmap_min_addr setups.
The values are suggested by Solar Designer:
http://www.openwall.com/lists/oss-security/2015/05/02/6
"
Signed-off-by: Shawn Chang <citypw@gmail.com>
1 file changed