lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060819232556.GA16617@openwall.com>
Date:	Sun, 20 Aug 2006 03:25:56 +0400
From:	Solar Designer <solar@...nwall.com>
To:	Willy Tarreau <wtarreau@...a.kernel.org>
Cc:	linux-kernel@...r.kernel.org
Subject: [PATCH] introduce CONFIG_BINFMT_ELF_AOUT

Willy,

I propose the attached patch (extracted from 2.4.33-ow1) for inclusion
into 2.4.34-pre.  (2.6 kernels could benefit from the same change, too.)

The patch adds a new compile-time option to control the support for
"ELF binaries with a.out format interpreters or a.out libraries".
Without this patch, such support is enabled on every system that enables
the support for ELF binaries - although 99% (100%?) of systems don't
need this hybrid functionality.  Moreover, this functionality poses a
security risk - as proven in practice:

	http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt

This uselib() vulnerability did not affect default kernel builds with
the -ow patch specifically due to separation of the unneeded/risky code
into CONFIG_BINFMT_ELF_AOUT and having this option disabled by default.
(Yes, this change in -ow patches pre-dates the discovery of the uselib()
vulnerability.)

The patch also changes CONFIG_BINFMT_AOUT to be disabled by default on
archs that had it default to enabled.  The a.out support is similarly
risky and not audited/hardened with the same scrutiny that the ELF
support has received.

Thanks,

Alexander

View attachment "linux-2.4.33-ow1-CONFIG_BINFMT_ELF_AOUT.diff" of type "text/plain" (26854 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ