| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Jul 2017 20:17:35 +1000
From: Michael Ellerman <mpe@...erman.id.au>
To: James Morse <james.morse@....com>, linux-kernel@...r.kernel.org
Cc: Zhou Chengming <zhouchengming1@...wei.com>,
Andrey Vagin <avagin@...nvz.org>,
Roland McGrath <roland@...k.frob.com>,
Oleg Nesterov <oleg@...hat.com>,
Yury Norov <ynorov@...iumnetworks.com>,
James Morse <james.morse@....com>,
linuxppc-dev@...ts.ozlabs.org
Subject: Re: [PATCH] ptrace: Add compat PTRACE_{G,S}ETSIGMASK handlers
James Morse <james.morse@....com> writes:
> compat_ptrace_request() lacks handlers for PTRACE_{G,S}ETSIGMASK,
> instead using those in ptrace_request(). The compat variant should
> read a compat_sigset_t from userspace instead of ptrace_request()s
> sigset_t.
>
> While compat_sigset_t is the same size as sigset_t, it is defined as
> 2xu32, instead of a single u64. On a big-endian CPU this means that
> compat_sigset_t is passed to user-space using middle-endianness,
> where the least-significant u32 is written most significant byte
> first.
>
> If ptrace_request()s code is used userspace will read the most
> significant u32 where it expected the least significant.
But that's what the code has done since 2013.
So won't changing this break userspace that has been written to work
around that bug? Or do we think nothing actually uses it in the wild and
we can get away with it?
cheers
Powered by blists - more mailing lists