| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 May 2024 19:28:54 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Theo de Raadt <deraadt@...nbsd.org>
Cc: Matthew Wilcox <willy@...radead.org>, Jonathan Corbet <corbet@....net>,
Andrew Morton <akpm@...ux-foundation.org>, jeffxu@...omium.org, keescook@...omium.org,
jannh@...gle.com, sroettger@...gle.com, gregkh@...uxfoundation.org,
usama.anjum@...labora.com, Liam.Howlett@...cle.com, surenb@...gle.com,
merimus@...gle.com, rdunlap@...radead.org, jeffxu@...gle.com,
jorgelo@...omium.org, groeck@...omium.org, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org, linux-mm@...ck.org, pedro.falcato@...il.com,
dave.hansen@...el.com, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v10 0/5] Introduce mseal
On Tue, 14 May 2024 at 18:47, Theo de Raadt <deraadt@...nbsd.org> wrote:
>
> Linus Torvalds <torvalds@...ux-foundation.org> wrote:
>
> Regarding mprotect(), POSIX also says:
>
> An implementation may permit accesses other than those specified by
> prot; however, no implementation shall permit a write to succeed where
> PROT_WRITE has not been set or shall permit any access where PROT_NONE
> alone has been set.
Why do you quote entirely irrelevant issues?
If the mprotect didn't succeed, then clearly the above is irrelevant.
> When sealed memory is encountered in the middle of a range, an error
> will be returned (which almost noone looks at). Memory after the sealed
> region will not be fixed to follow this rule.
>
> It may retain higher permission.
This is not in any way specific to mseal().
Theo, you're making shit up.
You claim that this is somehow new behavior:
> The other previous errors have been transient system effects, like ENOMEM.
but that's simply NOT TRUE. Try this:
#include <stdio.h>
#include <sys/mman.h>
int main(int argc, char **argv)
{
/* Just three pages for VM space allocation */
void *a = mmap(NULL, 3*4096, PROT_READ, MAP_PRIVATE |
MAP_ANONYMOUS, -1, 0);
/* Make the second page a shared read mapping of stdin */
mmap(a+4096, 4096, PROT_READ, MAP_FIXED | MAP_SHARED, 0, 0);
/* Turn them all PROT_WRITE */
mprotect(a, 3*4096, PROT_WRITE);
fprintf(stderr, "Write to first page\n");
*(int *) (a+0) = 0;
fprintf(stderr, "Write to second page\n");
*(int *) (a+4096) = 0;
fprintf(stderr, "Write to third page\n");
*(int *) (a+2*4096) = 0;
}
and what you will get (under Linux) is
$ ./a.out < ./a.out
Write to first page
Write to second page
Segmentation fault (core dumped)
because that mprotect() will have returned EACCES on the shared
mapping, but will have successfully made the first one writable.
End result: this whole "transient system effects" is just not true.
And "mseal()" isn't somethign new.
If somebody makes random mprotect() calls, and doesn't check the
result, they get exactly what they deserve. And mseal() isn't the
issue - bad programming is.
Anyway, you're just making things up for your nonexistent arguments. I'm done.
Linus
Powered by blists - more mailing lists