Message-Id: <20080807003459.37CC629624@localhost>
Date: Wed, 6 Aug 2008 17:34:59 -0700 (PDT)
From: md@...gle.com (Michael Davidson)
To: mingo@...hat.com, tglx@...utronix.de
Cc: linux-kernel@...r.kernel.org
Subject: [PATCH] x86: prevent binaries from making system calls using the wrong syscall interface
Prevent binaries from making system calls using other than one
of the "normal" system call interfaces for that binary type.
Currently there is nothing to prevent 64 bit binaries from
attempting to make system calls using the 32 bit system call
interfaces and vice versa.
Since the 32 bit and 64 bit system call numbers are different
this means that a binary could attempt to obfuscate which system
calls it was actually making by using the "wrong" system call
interface. In particular, the call to audit_syscall_entry()
relies on checking the TIF_IA32 flag to determine whether it is
dealing with a 32 or 64 bit system call without regard to the
actual type of system call that was made. While this specific issue
could be addressed by checking the TS_COMPAT flag in threadinfo_status
it seems preferable to simply disallow this situation altogether.
Signed-off-by: Michael Davidson <md@...gle.com>
---
Index: linux-2.6.26.2/arch/x86/ia32/ia32entry.S
===================================================================
--- linux-2.6.26.2.orig/arch/x86/ia32/ia32entry.S 2008-08-06 09:19:01.000000000 -0700
+++ linux-2.6.26.2/arch/x86/ia32/ia32entry.S 2008-08-06 13:34:54.566992000 -0700
@@ -123,6 +123,8 @@
.quad 1b,ia32_badarg
.previous
GET_THREAD_INFO(%r10)
+ testl $_TIF_IA32,threadinfo_flags(%r10)
+ jz ia32_bad_abi
orl $TS_COMPAT,threadinfo_status(%r10)
testl $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SECCOMP),threadinfo_flags(%r10)
CFI_REMEMBER_STATE
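Review bot: The two added lines carry no comment saying why a task without TIF_IA32 is bounced, and the identical pair is repeated verbatim in the next two hunks (at -230 and -324), so a reader of ia32entry.S cannot tell from the code that this is a deliberate ABI check rather than a personality quirk. Suggest hoisting the pair into a small macro used at all three entries, headed by a comment such as `/* Reject 32-bit entry from a 64-bit task: syscall numbers differ per ABI, and audit classifies the call by TIF_IA32 rather than by the entry used. */`. The check sits before `orl $TS_COMPAT`, so the rejected path leaves thread status untouched; that ordering is deliberate and worth stating in the same comment.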
@@ -230,6 +232,8 @@
.quad 1b,ia32_badarg
.previous
GET_THREAD_INFO(%r10)
+ testl $_TIF_IA32,threadinfo_flags(%r10)
+ jz ia32_bad_abi
orl $TS_COMPAT,threadinfo_status(%r10)
testl $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SECCOMP),threadinfo_flags(%r10)
CFI_REMEMBER_STATE
@@ -324,6 +328,8 @@
this could be a problem. */
SAVE_ARGS 0,0,1
GET_THREAD_INFO(%r10)
+ testl $_TIF_IA32,threadinfo_flags(%r10)
+ jz ia32_bad_abi
orl $TS_COMPAT,threadinfo_status(%r10)
testl $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SECCOMP),threadinfo_flags(%r10)
jnz ia32_tracesys
@@ -347,6 +353,8 @@
jmp ia32_do_syscall
END(ia32_syscall)
+ia32_bad_abi:
+ CFI_REMEMBER_STATE
ia32_badsys:
movq $0,ORIG_RAX-ARGOFFSET(%rsp)
movq $-ENOSYS,RAX-ARGOFFSET(%rsp)
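Review bot: `CFI_REMEMBER_STATE` at the new `ia32_bad_abi` label has no matching `CFI_RESTORE_STATE` in this hunk, and the jumps from the three entry points land here before their own `CFI_REMEMBER_STATE`; if no restore follows elsewhere the directive only pushes unwind state that is never popped, so either drop it or add a comment naming the restore it pairs with. Falling through into ia32_badsys means a cross-ABI attempt returns -ENOSYS with ORIG_RAX cleared, exactly like an out-of-range syscall number, and because each entry jumps here before its trace/audit test, audit_syscall_entry never sees the attempt; a comment such as `/* wrong-ABI entry: rejected before tracing, looks like a bad syscall number to the caller */` would document that choice. From a detection standpoint a process that tries the wrong syscall interface is itself a useful signal, so it may be worth routing this case through the tracing path with the correct ABI recorded rather than dropping it silently. The code after ia32_badsys continues past the hunk.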
Index: linux-2.6.26.2/arch/x86/kernel/entry_64.S
===================================================================
--- linux-2.6.26.2.orig/arch/x86/kernel/entry_64.S 2008-08-06 09:19:01.000000000 -0700
+++ linux-2.6.26.2/arch/x86/kernel/entry_64.S 2008-08-06 13:26:28.771994000 -0700
@@ -244,7 +244,7 @@
movq %rcx,RIP-ARGOFFSET(%rsp)
CFI_REL_OFFSET rip,RIP-ARGOFFSET
GET_THREAD_INFO(%rcx)
- testl $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SECCOMP),threadinfo_flags(%rcx)
+ testl $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SECCOMP|_TIF_IA32),threadinfo_flags(%rcx)
jnz tracesys
cmpq $__NR_syscall_max,%rax
ja badsys
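Review bot: Adding _TIF_IA32 to the fast-path mask diverts a 32-bit task that reaches the 64-bit entry to tracesys, where the following hunk tests the flag again through %rcx; that second test depends on %rcx still holding the thread_info loaded by `GET_THREAD_INFO(%rcx)` here, an invariant that is stated nowhere and that any later change to how tracesys is entered could break. Suggest a comment at the mask, `/* _TIF_IA32 included so a 32-bit task using the 64-bit entry takes the slow path and is rejected there (see tracesys) */`, and one at the tracesys test stating that %rcx must be thread_info. As far as I can tell compat-mode code never reaches this entry in normal operation (its syscall instruction goes to the CSTAR target), so the extra flag costs nothing on the common path, but that expectation should be written down too. The enclosing system_call body starts and ends outside the hunk.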
@@ -318,6 +318,8 @@
/* Do syscall tracing */
tracesys:
+ testl $_TIF_IA32,threadinfo_flags(%rcx)
+ jnz badsys
SAVE_REST
movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
FIXUP_TOP_OF_STACK %rdi
--