[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <07c348caaf6b4c457ab4b452f53ed048@horotw.com>
Date: Mon, 15 Jan 2024 19:21:19 +0100
From: mail@...otw.com
To: Matthew Wilcox <willy@...radead.org>
Cc: linux-hardening@...r.kernel.org, Jakub Wilk <jwilk@...lk.net>, Salvatore
Bonaccorso <carnil@...ian.org>, Linux Memory Management List
<linux-mm@...ck.org>, William Kucharski <william.kucharski@...cle.com>
Subject: Re: Limited/Broken functionality of ASLR for Libs >= 2MB
Am 15.01.2024 17:52, schrieb Matthew Wilcox:
> On Mon, Jan 15, 2024 at 04:40:36PM +0000, Sam James wrote:
>> mail@...otw.com writes:
>> > Hey, I read that ASLR is currently (since kernel >=5.18) broken for
>> > 32bit libs and reduced in effectiveness for 64bit libs... (the issue
>> > only arises if a lib is over 2MB).
>> > I confirmed this for myself but only for the 64bit case.
>> >
>> > I saw that this issue is being tracked by ubuntu
>> > (https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1983357).
>> > If this is the wrong place and I should instead report it elsewhere I
>> > am very sorry.
>>
>> See also https://bugs.debian.org/1024149. Unfortunately, I don't
>> think the issue found its way upstream until now (thanks).
>>
>> CCing relevant maintainers (per the Debian bug).
>
> You know, my email address is all over that commit and the doofus who
> "discovered the vulnerability" didn't even have the courtesy to let
> me know. I've had several private emails about this over the last few
> days and I just don't care. Who's running 32-bit code and cares about
> security? 32-bit kernels are known-vulnerable to all kinds of security
> problems, and I think this is the least of your worries.
>
> This was intended to happen, it's not a surprise.
Hi,
first of all I am very sorry, I didn't realize I should have contacted
you
first (I'm not the one who found the bug initially), I will do it
differently in the future.
Unfortunately, my knowledge is not sufficient to judge how bad it is
that
32bit effectively has no ASLR support anymore.
64bit is also affected, even though there are probably more than enough
bits left there? I have since seen that both Arch and Ubuntu seem to
have
"patches" in place
(https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/commit/3904bcb32cc58c10232fb618bf96c1b43b0bc9d7)
in which they set the `CONFIG_ARCH_MMAP_RND_BITS=32` and
`CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16`, I'm not sure if this is a good
result or if it will cause other problems.
Again, I apologize if I caused any inconvenience.
Powered by blists - more mailing lists