lists.openwall.net - Open Source and information security mailing list archives
Message-ID: <07c348caaf6b4c457ab4b452f53ed048@horotw.com>
Date: Mon, 15 Jan 2024 19:21:19 +0100
From: mail@...otw.com
To: Matthew Wilcox <willy@...radead.org>
Cc: linux-hardening@...r.kernel.org, Jakub Wilk <jwilk@...lk.net>, Salvatore
 Bonaccorso <carnil@...ian.org>, Linux Memory Management List
 <linux-mm@...ck.org>, William Kucharski <william.kucharski@...cle.com>
Subject: Re: Limited/Broken functionality of ASLR for Libs >= 2MB

Am 15.01.2024 17:52, schrieb Matthew Wilcox:
> On Mon, Jan 15, 2024 at 04:40:36PM +0000, Sam James wrote:
>> mail@...otw.com writes:
>> > Hey, I read that ASLR is currently (since kernel >=5.18) broken for
>> > 32bit libs and reduced in effectiveness for 64bit libs... (the issue
>> > only arises if a lib is over 2MB).
>> > I confirmed this for myself but only for the 64bit case.
>> >
>> > I saw that this issue is being tracked by ubuntu
>> > (https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1983357).
>> > If this is the wrong place and I should instead report it elsewhere I
>> > am very sorry.
>> 
>> See also https://bugs.debian.org/1024149. Unfortunately, I don't
>> think the issue found its way upstream until now (thanks).
>> 
>> CCing relevant maintainers (per the Debian bug).
> 
> You know, my email address is all over that commit and the doofus who
> "discovered the vulnerability" didn't even have the courtesy to let
> me know.  I've had several private emails about this over the last few
> days and I just don't care.  Who's running 32-bit code and cares about
> security?  32-bit kernels are known-vulnerable to all kinds of security
> problems, and I think this is the least of your worries.
> 
> This was intended to happen, it's not a surprise.

Hi,
first of all I am very sorry, I didn't realize I should have contacted you
first (I'm not the one who found the bug initially), I will do it
differently in the future.

Unfortunately, my knowledge is not sufficient to judge how bad it is that
32bit effectively has no ASLR support anymore.

64bit is also affected, even though there are probably more than enough
bits left there? I have since seen that both Arch and Ubuntu seem to have
"patches" in place
(https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/commit/3904bcb32cc58c10232fb618bf96c1b43b0bc9d7)
in which they set the `CONFIG_ARCH_MMAP_RND_BITS=32` and
`CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16`, I'm not sure if this is a good
result or if it will cause other problems.

Again, I apologize if I caused any inconvenience.
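The thread above talks about two things a defender would want to measure rather than take on faith: how much of the mmap randomisation a large library actually keeps once the kernel aligns it to a 2 MB boundary, and what the `CONFIG_ARCH_MMAP_RND_BITS` / `CONFIG_ARCH_MMAP_RND_COMPAT_BITS` values change. The script below is an added example written for this page; it is not code from the thread or from any kernel or distribution patch. It samples the load address of a shared library across fresh processes (Linux only, via `/proc/self/maps`), derives the enforced alignment from the bits that never vary, and computes the entropy left for a given number of random bits. The constructed `/proc/self/maps` excerpt and the sample address lists are made-up data for the offline checks, and the 28/8 figures used in the summary are assumed x86_64 defaults for the two config symbols, not values stated on the page.

```python
"""Estimate how many bits of mmap ASLR entropy a large shared library keeps,
judging from the alignment the kernel enforced on its load address."""
import re
import subprocess
import sys

PAGE_SHIFT = 12   # 4 KiB pages: the finest granularity mmap can randomise
THP_SHIFT = 21    # 2 MiB: the alignment the thread reports for libs >= 2 MB

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
_MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+([0-9a-f]+)\s+\S+\s+\d+\s*(.*)$")

# Constructed sample of /proc/self/maps output (not captured from a real host).
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a01000 r--p 00000000 08:01 12345 /usr/bin/python3
7f3a1c000000-7f3a1c028000 r--p 00000000 08:01 67890 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c028000-7f3a1c1bd000 r-xp 00028000 08:01 67890 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd5e000000-7ffd5e021000 rw-p 00000000 00:00 0 [stack]
"""

# Constructed address samples: one set forced to a 2 MiB boundary, one that
# only respects page alignment. Both are made-up values for the offline check.
SAMPLE_2MB_ALIGNED = [0x7f00a0000000, 0x7f00b2200000, 0x7f00c5400000, 0x7f00d7600000]
SAMPLE_PAGE_ALIGNED = [0x7f00a0123000, 0x7f00b2245000, 0x7f00c5400000, 0x7f00d7611000]


def parse_maps(maps_text, name):
    """Return the start address of the first mapping (file offset 0) whose
    path ends with `name`, or None if that library is not mapped."""
    for line in maps_text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if not m:
            continue
        start, _end, _perms, offset, path = m.groups()
        if int(offset, 16) == 0 and path.strip().endswith(name):
            return int(start, 16)
    return None


def alignment_bits(addresses):
    """Count the low-order bits that are zero in every sampled address,
    i.e. the alignment the kernel enforced on the mapping."""
    combined = 0
    for a in addresses:
        combined |= a
    if combined == 0:
        return 0
    return (combined & -combined).bit_length() - 1   # index of lowest set bit


def lost_random_bits(addresses, page_shift=PAGE_SHIFT):
    """Random bits below the enforced alignment that ASLR can no longer use."""
    return max(0, alignment_bits(addresses) - page_shift)


def effective_entropy_bits(rnd_bits, align_shift, page_shift=PAGE_SHIFT):
    """Entropy left when mmap randomises `rnd_bits` bits above the page offset
    but the mapping must start on a 2**align_shift boundary."""
    return max(0, rnd_bits - max(0, align_shift - page_shift))


def collect_bases(name="libc.so.6", runs=20):
    """Linux only: start a fresh interpreter `runs` times and record where the
    library `name` landed in each. Every run gets its own ASLR roll."""
    bases = []
    for _ in range(runs):
        out = subprocess.run(
            [sys.executable, "-c", "print(open('/proc/self/maps').read())"],
            capture_output=True, text=True, check=True).stdout
        base = parse_maps(out, name)
        if base is not None:
            bases.append(base)
    return bases


def summarize(bases, rnd_bits_64=28, rnd_bits_compat=8):
    """Report enforced alignment and the entropy left for assumed
    64-bit and compat (32-bit) mmap_rnd_bits settings."""
    align = alignment_bits(bases)
    return {
        "samples": len(bases),
        "alignment_bits": align,
        "lost_random_bits": max(0, align - PAGE_SHIFT),
        "entropy_64bit": effective_entropy_bits(rnd_bits_64, align),
        "entropy_compat": effective_entropy_bits(rnd_bits_compat, align),
    }


if __name__ == "__main__":
    lib = sys.argv[1] if len(sys.argv) > 1 else "libc.so.6"
    for key, value in summarize(collect_bases(lib)).items():
        print(f"{key}: {value}")
```

Run it as `python3 aslr_align_check.py libc.so.6` on the host under test. An `alignment_bits` of 21 with the default random-bit counts means the 64-bit mapping keeps 28 - 9 = 19 bits and a compat mapping with 8 random bits keeps none, which is the "broken for 32bit, reduced for 64bit" situation the thread describes; feeding the distribution values from the thread (32 and 16) into `effective_entropy_bits` shows what the patches buy back.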
