lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 20 Jul 2007 15:05:51 -0700
From:	"H. Peter Anvin" <hpa@...or.com>
To:	Ulrich Kunitz <kune@...ne-taler.de>
CC:	linux-kernel@...r.kernel.org, honza@...os.cz, jkosina@...e.cz
Subject: Re: Is PIE randomization breaking klibc binaries?

Ulrich Kunitz wrote:
> Since this week new linux-2.6/master kernels don't work with my
> initial ram disks. The sleep binary runs repeatingly into
> segmentation faults until the Busybox shell starts. My system is a
> x86-64 with Kubuntu Feisty Fawn.
> 
> By bisecting I found out that the PIE randomization patch (commit 60bfba7e)
> appears to cause the segmentation faults.
> 
> Digging further into the issue I found out, that the sleep binary
> on the initial ramdisk is a klibc binary. /usr/bin/file says it is
> statically linked and uses shared libraries. I have no clue about
> klibc, but the binaries seem to be statically linked, but load a
> shared library; probably at a fixed address. Other klibc binaries are also
> running into segmentation faults. Busybox is working, but it is
> statically linked and doesn't use a shared library.
> 
> It looks like that the PIE randomization patch breaks klibc
> binaries on x86-64.
> 

Interesting.

klibc binaries are indeed statically linked, but composed of two
different ELF images: the application itself and the shared libary
(which is referenced from the application header as the "interpreter").
 Neither of these is an ET_DYN file; they are both ET_EXEC, so it
*should* be unaffected by the PIE randomization patch.  Obviously, that
seems to not be the case.

My guess is that this patch mishandles interpreter images which are
ET_EXEC.  Jan, any insight?

	-hpa
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ