lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200710041308.l94D8ZZD015983@harpo.it.uu.se>
Date:	Thu, 4 Oct 2007 15:08:35 +0200 (MEST)
From:	Mikael Pettersson <mikpe@...uu.se>
To:	kamezawa.hiroyu@...fujitsu.com, shiwh@...fujitsu.com
Cc:	linux-kernel@...r.kernel.org, mikpe@...uu.se
Subject: Re: [PATCH 1/3] signal(i386): alternative signal stack wraparound occurs

On Thu, 4 Oct 2007 21:47:30 +0900, KAMEZAWA Hiroyuki wrote:
> On Thu, 04 Oct 2007 21:33:12 +0900
> Shi Weihua <shiwh@...fujitsu.com> wrote:
> 
> > KAMEZAWA Hiroyuki wrote::
> > > On Thu, 04 Oct 2007 20:56:14 +0900
> > > Shi Weihua <shiwh@...fujitsu.com> wrote:
> > > 
> > >> 	stack.ss_sp = addr + pagesize;
> > >> 	stack.ss_flags = 0;
> > >> 	stack.ss_size = pagesize;
> > > Here is bad. 
> > > stack,ss_sp = addr;
> > > stack.ss_flags = 0;
> > > stack.ss_size = pagesize * 2;
> > [What the test code want to do]
> > addr+pagesize*2 - addr+pagesize	 -> sigaltstack
> > addr+pagesize	- addr		 -> protected region
> > The code want to catch overflow when esp enter the protected region.
> > 
> You have to protect the top of *registered* sigaltstack.
> The reason of wraparound is %esp will be set to the bottom of sigaltstack
> if it is not on sigaltstack area when signaled.
> What you have to do is protect the top of registerd sigaltstack.
> If %esp is in the range of registerd sigaltstack at SEGV, wraparound
> will stop.

Exactly right. You mprotect or munmap the end of the altstack,
not the area beyond it.

/Mikael
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ