config DEFAULT_MMAP_MIN_ADDR
        int "Low address space to protect from user allocation"
        default 4096
        help
          This is the portion of low virtual memory which should be protected
          from userspace allocation.  Keeping a user from writing to low pages
          can help reduce the impact of kernel NULL pointer bugs.

          For most ia64, ppc64 and x86 users with lots of address space
          a value of 65536 is reasonable and should cause no problems.
          On arm and other archs it should not be higher than 32768.

Ъ:
October 22, 2009
CVE-2009-2695

    Eric Paris provided several fixes to increase the protection
    provided by the mmap_min_addr tunable against NULL pointer
    dereference vulnerabilities.

cat /etc/debian_version && uname -a && cat /proc/sys/vm/mmap_min_addr
squeeze/sid
Linux ubuntu 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:05:01 UTC 2009 x86_64 GNU/Linux
65536

2.6.18
x86_64

uname -a
Linux azure 2.6.31 #2 SMP Sat Oct 17 19:39:33 EEST 2009 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ AuthenticAMD GNU/Linux

Gentoo, vanilla-sources

uname -a
Linux plaza 2.6.29 #4 SMP Thu Sep 17 00:03:06 EEST 2009 i686 Intel(R) Celeron(R) CPU 2.13GHz GenuineIntel GNU/Linux

gentoo, vanilla sources

http://pavlinux.ru/rk/cheddar_bay.tgz

осталось затестить рабочий exploit :)

# cat /proc/sys/vm/mmap_min_addr
65536

$ cat /proc/sys/vm/mmap_min_addr
65536

И чем оно открытее Windows, если все решает один маразматик...

если уж чешутся руки рассказать, как "разработчики OpenBSD" обсудили Линуса, то стоит наверное и показать, как Линус успел обсудить "разработчиков OpenBSD"

http://lkml.org/lkml/2008/7/15/296

и как он видит политику безопасности ядра. http://lkml.org/lkml/2009/6/1/301

А в Ubuntu 9.04 (по умолчанию)
0

Вот, вроде бы один проект, а два разных подхода. ИМХО считаю настройку этого параметра должны производить мантайнеры дистров, а их много. Тут у каждого своя политика, зачем Линусу этим заниматься? Потом всеравно переделают.

# cat /proc/sys/vm/mmap_min_addr
65536

# cat /proc/sys/vm/mmap_min_addr && lsb_release -a && uname -rpi
4096
LSB Version:    :core-3.1-ia32:core-3.1-noarch:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: CentOS
Description:    CentOS release 5.4 (Final)
Release:        5.4
Codename:       Final
2.6.18-164.el5 i686 i386

# cat /proc/sys/vm/mmap_min_addr && lsb_release -a && uname -rpi
4096
LSB Version:    :core-3.1-amd64:core-3.1-ia32:core-3.1-noarch:graphics-3.1-amd64:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: CentOS
Description:    CentOS release 5.3 (Final)
Release:        5.3
Codename:       Final
2.6.18-164.el5xen x86_64 x86_64

# uname -a
Linux Debian-40-etch-64-minimal 2.6.26-2-openvz-amd64 #1 SMP Wed Aug 19 23:15:49 UTC 2009 x86_64 GNU/Linux
# echo 4096 > /proc/sys/vm/mmap_min_addr
-su: /proc/sys/vm/mmap_min_addr: No such file or directory

О чём это говорит?

# uname -a
Linux linux-3gep 2.6.27.37-0.1-default #1 SMP 2009-10-15 14:56:58 +0200 x86_64 x86_64 x86_64 GNU/Linux
# cat /proc/sys/vm/mmap_min_addr
65536

/etc/sysctl.d/30-wine.conf

# Wine needs to access the bottom 64k of memory in order to launch
# 16 bit programs.
vm.mmap_min_addr = 0

[gw-lower:remote]# uname -a
Linux gw-lower 2.6.24-etchnhalf.1-686 #1 SMP Tue Dec 2 07:56:33 UTC 2008 i686 GNU/Linux

~/cheddar_bay$ ./exploit
[+] MAPPED ZERO PAGE!
[+] Resolved tun_fops to 0xd0b56da0
[+] Resolved nf_unregister_hooks to 0xc0275cd5
[+] Resolved sel_read_enforce to 0xc01c67e0
[+] *0xd0b56dcc |= 1
[+] b00m!
[+] Disabled security of : nothing, what an insecure machine!
[+] Failed to get root :( Something's wrong.  Maybe the kernel isn't vulnerable?