mmap zero mapping disallowed (Re: svn commit: r197537 - head/sys/vm])

Robert Watson rwatson at FreeBSD.org
Sun Sep 27 19:01:27 UTC 2009


On Sun, 27 Sep 2009, Julian Elischer wrote:

> What they need to do now is find a fault where the offset is > 4096..
>
> I wouldn't bet against it..

Oh, certainly -- this isn't a security policy, it's a vulnerability mitigation 
technique.  It can be bypassed in the right (wrong?) circumstances, just like 
stack overflow protection, etc.  However, it's also a potentially effective 
tool for limiting easier exploit paths.  The kernel has a lot of 0x$smallnum 
failure modes, and probably significantly fewer 0x$arbitraryconstant ones, so 
limiting the former has benefit even if it doesn't limit the latter.

To more thoroughly eliminate this type of exploit path, we'd need to move to 
independent kernel/user address spaces, which would increase robustness at 
significant cost to performance.  I think the current strategy offers some nice 
middle-ground benefits, and certainly makes it more tricky to exploit several 
reported vulnerabilities in the last year.

Robert
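To make the distinction in the reply above concrete, here is an added example; it is not code from this thread or from the FreeBSD tree. It first does what a NULL-dereference exploit does before triggering the kernel bug: ask for an anonymous page at virtual address 0 with MAP_FIXED, and reports whether this host refuses (on FreeBSD the knob discussed here is security.bsd.map_at_zero; the Linux equivalent is vm.mmap_min_addr). It then takes a constructed struct layout, with invented field names, and classifies which NULL + offset dereferences an unmappable low region neutralises: the 0x$smallnum field is covered, the field sitting past the first page is not.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON      /* older BSD spelling */
#endif

enum zero_map_result { ZERO_MAP_ALLOWED = 0, ZERO_MAP_REFUSED = 1 };

/* Step one of a classic kernel NULL-pointer-dereference exploit: place
 * attacker-controlled memory at address 0 so the kernel's bad pointer
 * finds something useful there.  Returns whether this host lets the
 * calling process do that.  Expect EINVAL on FreeBSD with
 * security.bsd.map_at_zero=0 and EPERM on Linux below vm.mmap_min_addr
 * (a process holding CAP_SYS_RAWIO is exempt there). */
enum zero_map_result probe_zero_page(int *err_out)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)0, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) {
        if (err_out) *err_out = errno;
        return ZERO_MAP_REFUSED;
    }
    if (err_out) *err_out = 0;
    munmap(p, len);                 /* never leave the zero page mapped behind us */
    return ZERO_MAP_ALLOWED;
}

/* Constructed stand-in for a kernel object reached through a pointer that
 * can be NULL.  The layout and names are invented for this example. */
struct victim {
    uint64_t refcnt;                /* offset 0 */
    void (*ops)(void);              /* small offset: the common 0x$smallnum case */
    char buf[3 * 4096];             /* padding so the next field lands past page 0 */
    void (*late)(void);             /* offset well above 4096: the "find a fault
                                       where the offset is > 4096" case */
};

/* A dereference of NULL + offset is neutralised by refusing mappings below
 * 'floor' only if the address it touches can never be mapped by the
 * attacker.  Use PAGE_SIZE for map_at_zero=0, vm.mmap_min_addr on Linux. */
int deref_is_blocked(uintptr_t floor, size_t offset)
{
    return offset < floor;
}

int main(void)
{
    int err = 0;
    enum zero_map_result r = probe_zero_page(&err);
    uintptr_t floor = (uintptr_t)sysconf(_SC_PAGESIZE);   /* what map_at_zero=0 protects */

    if (r == ZERO_MAP_ALLOWED)
        printf("page 0 mapping: ALLOWED (mitigation absent or bypassed)\n");
    else
        printf("page 0 mapping: refused (%s)\n", strerror(err));

    printf("NULL->ops  at offset %5zu: %s\n", offsetof(struct victim, ops),
           deref_is_blocked(floor, offsetof(struct victim, ops)) ? "blocked" : "reachable");
    printf("NULL->late at offset %5zu: %s\n", offsetof(struct victim, late),
           deref_is_blocked(floor, offsetof(struct victim, late)) ? "blocked" : "reachable");
    return 0;
}
```

Run it as an unprivileged user; a refused zero-page mapping is the expected result on a patched system, while NULL->late stays reachable regardless, which is exactly the residual exposure the reply concedes. The floor passed to deref_is_blocked should be whatever the platform actually refuses, not assumed.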


More information about the freebsd-current mailing list