Message-ID: <200401192346.i0JNkeOf008972@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Re: January 15 is Personal Firewall Day, help the cause 

On Mon, 19 Jan 2004 20:02:19 +0100, Michal Zalewski said:

> How is it an issue? I think it is a feature - it is noexec that is pretty
> badly broken by design, and nearly impossible to render secure... and what
> does Linux kernel have to do with addressing it?

Well, if you consider noexec to be a feature, the /lib/ld-linux trick was a bug in it.

In what way is it "badly broken"?

> Disclaimer: I don't have 2.6 sources at hand, maybe this is the case
> (although I somehow doubt there is a reasonable way to fix it kernel -
> how, by refusing PROT_EXEC mappings from files on noexec partitions? hope
> not).

Here's Ulrich Drepper's patch, as Linus took it:

        struct rb_node ** rb_link, * rb_parent;
        unsigned long charged = 0;
 
-       if (file && (!file->f_op || !file->f_op->mmap))
-               return -ENODEV;
+       if (file) {     
+               if (!file->f_op || !file->f_op->mmap)
+                       return -ENODEV;
+                       
+               if ((prot & PROT_EXEC) && (file->f_vfsmnt->mnt_flags & MNT_NOEXEC))
+                       return -EPERM;
+       }
 
        if (!len)
                return addr;
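
Review bot: The new test `(prot & PROT_EXEC) && (file->f_vfsmnt->mnt_flags & MNT_NOEXEC)` looks only at the `prot` passed to this call, so a file on a MNT_NOEXEC mount that is mapped without PROT_EXEC goes through unchanged, and nothing in this hunk stops that mapping from being made executable afterwards. Please either point to where a later protection change is checked against the mount flag, or record the restriction on the mapping here (for example by not granting VM_MAYEXEC) so it holds for the lifetime of the mapping. A one-line comment saying why -EPERM is returned would help, and both the `if (file) {` line and the otherwise empty added line before the new test carry trailing whitespace.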

So yes, they're stomping on PROT_EXEC.  The same code is also in 2.4.25-pre6.