lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <aa67f1df-f2c4-4427-9e06-5f659fc7ec24@linux-m68k.org>
Date: Thu, 8 Aug 2024 09:39:37 +1000
From: Greg Ungerer <gerg@...ux-m68k.org>
To: Kees Cook <kees@...nel.org>, Palmer Dabbelt <palmer@...belt.com>
Cc: Stefan O'Rear <sorear@...tmail.com>, Alexandre Ghiti <alex@...ti.fr>,
 Damien Le Moal <dlemoal@...nel.org>, Alexander Viro
 <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>,
 Jan Kara <jack@...e.cz>, Eric Biederman <ebiederm@...ssion.com>,
 linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
 Damien Le Moal <damien.lemoal@....com>, linux-kernel@...r.kernel.org,
 linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] binfmt_flat: Fix corruption when not offsetting data
 start

Hi Kees,

On 8/8/24 05:51, Kees Cook wrote:
> Commit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")
> introduced a RISC-V specific variant of the FLAT format which does
> not allocate any space for the (obsolete) array of shared library
> pointers. However, it did not disable the code which initializes the
> array, resulting in the corruption of sizeof(long) bytes before the DATA
> segment, generally the end of the TEXT segment.
> 
> Introduce MAX_SHARED_LIBS_UPDATE which depends on the state of
> CONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of
> the shared library pointer region so that it will only be initialized
> if space is reserved for it.
> 
> Fixes: 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")
> Co-developed-by: Stefan O'Rear <sorear@...tmail.com>
> Signed-off-by: Stefan O'Rear <sorear@...tmail.com>
> Signed-off-by: Kees Cook <kees@...nel.org>

Looks good.

Acked-by: Greg Ungerer <gerg@...ux-m68k.org>

Regards
Greg


> ---
>   v2: update based on v1 feedback
>   v1: https://lore.kernel.org/linux-mm/20240326032037.2478816-1-sorear@fastmail.com/
> Cc: Palmer Dabbelt <palmer@...belt.com>
> Cc: Alexandre Ghiti <alex@...ti.fr>
> Cc: Greg Ungerer <gerg@...ux-m68k.org>
> Cc: Damien Le Moal <dlemoal@...nel.org>
> Cc: Alexander Viro <viro@...iv.linux.org.uk>
> Cc: Christian Brauner <brauner@...nel.org>
> Cc: Jan Kara <jack@...e.cz>
> Cc: Eric Biederman <ebiederm@...ssion.com>
> Cc: linux-fsdevel@...r.kernel.org
> Cc: linux-mm@...ck.org
> ---
>   fs/binfmt_flat.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
> index c26545d71d39..cd6d5bbb4b9d 100644
> --- a/fs/binfmt_flat.c
> +++ b/fs/binfmt_flat.c
> @@ -72,8 +72,10 @@
>   
>   #ifdef CONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET
>   #define DATA_START_OFFSET_WORDS		(0)
> +#define MAX_SHARED_LIBS_UPDATE		(0)
>   #else
>   #define DATA_START_OFFSET_WORDS		(MAX_SHARED_LIBS)
> +#define MAX_SHARED_LIBS_UPDATE		(MAX_SHARED_LIBS)
>   #endif
>   
>   struct lib_info {
> @@ -880,7 +882,7 @@ static int load_flat_binary(struct linux_binprm *bprm)
>   		return res;
>   
>   	/* Update data segment pointers for all libraries */
> -	for (i = 0; i < MAX_SHARED_LIBS; i++) {
> +	for (i = 0; i < MAX_SHARED_LIBS_UPDATE; i++) {
>   		if (!libinfo.lib_list[i].loaded)
>   			continue;
>   		for (j = 0; j < MAX_SHARED_LIBS; j++) {

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ