lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 19 Dec 2007 09:21:25 +0200
From:	Dotan Barak <dotanb@....mellanox.co.il>
To:	linux-kernel@...r.kernel.org
CC:	dotanb@....mellanox.co.il
Subject: The code segment of the user level in PPC64 are in VMAs with write
 permissions

Hi all.

I noticed that the code segment of the user level in PPC64 machines
is in a VMA with a write permission enabled.

I'm using the following machine attributes:
*************************************************************
Host Name         : mtlsqt185
Host Architecture : ppc64
Linux Distribution: SUSE Linux Enterprise Server 10 (ppc) VERSION = 10 
PATCHLEVEL = 1
Kernel Version    : 2.6.16.53-0.16-ppc64
GCC Version       : gcc (GCC) 4.1.2 20070115 (prerelease) (SUSE Linux)
Memory size       : 1740232 kB
Number of CPUs    : 8
cpu MHz           : 4005.000000MHz
Driver Version    : OFED-1.2.5.4-20071210-0614
HCA ID(s)         : mlx4_0
HCA model(s)      : 25418
FW version(s)     : 2.3.906
Board(s)          : IBM08A0000001
*************************************************************

I printed the address of a function in my program and i got the value 
0x1005ac80.

I printed the VMAs in my process and i got the following output:
mtlsqt185:~ # cat /proc/17366/maps
00100000-00103000 r-xp 00100000 00:00 0
10000000-1004a000 r-xp 00000000 08:03 1063667                            
/tmp/tsscr/svn.mlx_tp/branches/ofed1.2.5/gen2/userspace/useraccess/gen2_basic/gen2_basic 

1005a000-1005e000 rw-p 0004a000 08:03 1063667                            
/tmp/tsscr/svn.mlx_tp/branches/ofed1.2.5/gen2/userspace/useraccess/gen2_basic/gen2_basic 

1005e000-1015f000 rw-p 1005e000 00:00 0                                  
[heap]

Is this is a security hole (any virus can change the code in the code 
segment ...)

can you please CC me the answers o this question?


thanks
Dotan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ