| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Jun 2007 13:08:36 +0200 From: Bodo Eggert <7eggert@....de> To: Albert Cahalan <acahalan@...il.com>, William Lee Irwin III <wli@...omorphy.com>, linux-kernel@...r.kernel.org Subject: Re: JIT emulator needs Albert Cahalan <acahalan@...il.com> wrote: > On 6/19/07, William Lee Irwin III <wli@...omorphy.com> wrote: >> On Fri, Jun 08, 2007 at 02:35:22AM -0400, Albert Cahalan wrote: >>> Right now, Linux isn't all that friendly to JIT emulators. >>> Here are the problems and suggestions to improve the situation. >>> There is an SE Linux execmem restriction that enforces W^X. >>> Assuming you don't wish to just disable SE Linux, there are >>> two ugly ways around the problem. You can mmap a file twice, >>> or you can abuse SysV shared memory. The mmap method requires >>> that you know of a filesystem mounted rw,exec where you can >>> write a very large temporary file. This arbitrary filesystem, >>> rather than swap space, will be the backing store. The SysV >>> shared memory method requires an undocumented flag and is >>> subject to some annoying size limits. Both methods create >>> objects that will fail to be deleted if the program dies >>> before marking the objects for deletion. >> >> If the policy forbidding self-modifying code lacks a method of >> exempting programs such as JIT interpreters (which I doubt) then >> it's a problem. I'm with Alan on this one. > > It does and it doesn't. There is not a reasonable way for a > user to mark an app as needing full self-modifying ability. > It's not like the executable stack, which can be set via the > ELF note markings on the executable. (ELF note markings are > ideal because they can not be used via a ret-to-libc attack) > > With admin privs, one can change SE Linux settings. Mark the > executable, disable the protection system-wide, generate a > completely new SE Linux policy, or just turn SE Linux off. According to the documents I found about SELinux, you can also - create a this-app-needs-selfmodification type - allow users to change the context type of their files to this type - configure a domain to allow self-modification - configure the domain transition Brave words from someone who did not yet successfully find the magic in order to install the refpolicy on debilian (after finding their refpolicy-foo to be incomplete and their refpolicy-src to not compile). -- Why do women have smaller feet than men? It's one of those "evolutionary things" that allows them to stand closer to the kitchen sink. Friß, Spammer: Jy@...xq.7eggert.dyndns.org d-afnhbe@....7eggert.dyndns.org - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists