lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 6 Mar 2008 15:06:20 +0100
From:	Olivier Galibert <galibert@...ox.com>
To:	David Daney <ddaney@...rex.com>
Cc:	Michael Matz <matz@...e.de>, Joe Buck <Joe.Buck@...opsys.COM>,
	Jan Hubicka <hubicka@....cz>,
	Aurelien Jarno <aurelien@...el32.net>,
	"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
	gcc@....gnu.org
Subject: Re: RELEASE BLOCKER: Linux doesn't follow x86/x86-64 ABI wrt direction   flag

On Wed, Mar 05, 2008 at 03:21:43PM -0800, David Daney wrote:
> Olivier Galibert wrote:
> >On Wed, Mar 05, 2008 at 10:43:33PM +0100, Michael Matz wrote:
> >>FWIW I don't think it's a release blocker for 4.3.0.  The error is arcane 
> >>and happens seldomly if at all.  And only on unfixed kernels.  A program 
> >>needs to do std explicitely, which most don't do _and_ get hit by a 
> >>signal while begin in a std region.  This happens so seldom that it 
> >>didn't occur in building the next openSuSE 11.0, and it continually 
> >>builds packages with 4.3 since months.
> >
> >How would you know whether it has happened?
> >
> 
> The same way you do with other bugs: You would observe unexpected behavior.
>
> In this case probably either corrupted memory or a SIGSEGV.

So that probably means the programs you use for compiling packages
probably aren't hit.  Doesn't mean the packages you've compiled with
it aren't hit.  Compiling packages doesn't test what's in them at all.

It's extremely rare, no doubt about it.  It's just that it *yells*
security issue in the making.  It's not a source bug, i.e. not easily
reviewable.  It's related to signal handlers which are the mark of a
server and/or more failure-conscious program than usual.  It's obscure
(breaking a stringop, probably memset, or a not-paranoid-enough inline
asm in a signal handler through a running memmove in the main program,
oh my) but reasonably predictable for someone looking for an
exploitable flaw.

It's gcc's job to adapt to the realities of its running environment,
not the other way around.

  OG.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ