Date: Thu, 2 Oct 2008 22:29:38 -0700 From: Kees Cook <kees.cook@...onical.com> To: Jakub Jelinek <jakub@...hat.com> Cc: Roland McGrath <roland@...hat.com>, linux-kernel@...r.kernel.org, Ulrich Drepper <drepper@...hat.com>, libc-alpha@...rceware.org Subject: [PATCH] ELF: implement AT_RANDOM for future glibc use While discussing[1] the need for glibc to have access to random bytes during program load, it seems that an earlier attempt to implement AT_RANDOM got stalled. This implements a configurable number of random bytes, as a multiple of userspace pointer size, available to every ELF program via a new auxv AT_RANDOM vector. [1] http://sourceware.org/ml/libc-alpha/2008-10/msg00006.html Signed-off-by: Kees Cook <kees.cook@...onical.com> --- fs/binfmt_elf.c | 20 ++++++++++++++++++++ include/linux/auxvec.h | 5 +++-- security/Kconfig | 9 +++++++++ 3 files changed, 32 insertions(+), 2 deletions(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 655ed8d..fbaa665 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -152,6 +152,8 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, elf_addr_t __user *sp; elf_addr_t __user *u_platform; elf_addr_t __user *u_base_platform; + elf_addr_t __user *u_rand_bytes; + unsigned int rand_size; const char *k_platform = ELF_PLATFORM; const char *k_base_platform = ELF_BASE_PLATFORM; int items; 
@@ -196,6 +198,18 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, return -EFAULT; } + rand_size = CONFIG_SECURITY_AUXV_RANDOM_SIZE * sizeof(elf_addr_t); + u_rand_bytes = NULL; + if (rand_size) { + unsigned char k_rand_bytes[CONFIG_SECURITY_AUXV_RANDOM_SIZE * + sizeof(elf_addr_t)]; + get_random_bytes(k_rand_bytes, rand_size); + + u_rand_bytes = (elf_addr_t __user *)STACK_ALLOC(p, rand_size); + if (__copy_to_user(u_rand_bytes, k_rand_bytes, rand_size)) + return -EFAULT; + } + /* Create the ELF interpreter info */ elf_info = (elf_addr_t *)current->mm->saved_auxv; /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */ @@ -228,6 +242,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, NEW_AUX_ENT(AT_GID, tsk->gid); NEW_AUX_ENT(AT_EGID, tsk->egid); NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); + if (rand_size) { + NEW_AUX_ENT(AT_RANDOM_SIZE, + (elf_addr_t)(unsigned long)rand_size); + NEW_AUX_ENT(AT_RANDOM, + (elf_addr_t)(unsigned long)u_rand_bytes); + } NEW_AUX_ENT(AT_EXECFN, bprm->exec); if (k_platform) { NEW_AUX_ENT(AT_PLATFORM, diff --git a/include/linux/auxvec.h b/include/linux/auxvec.h index d7afa9d..702e506 100644 --- a/include/linux/auxvec.h +++ b/include/linux/auxvec.h @@ -25,14 +25,15 @@ #define AT_CLKTCK 17 /* frequency at which times() increments */ #define AT_SECURE 23 /* secure mode boolean */ - #define AT_BASE_PLATFORM 24 /* string identifying real platform, may * differ from AT_PLATFORM. */ +#define AT_RANDOM_SIZE 25 /* number of random bytes at AT_RANDOM */ +#define AT_RANDOM 26 /* address of random bytes */ #define AT_EXECFN 31 /* filename of program */ #ifdef __KERNEL__ -#define AT_VECTOR_SIZE_BASE 18 /* NEW_AUX_ENT entries in auxiliary table */ +#define AT_VECTOR_SIZE_BASE 20 /* NEW_AUX_ENT entries in auxiliary table */ /* number of "#define AT_.*" above, minus {AT_NULL, AT_IGNORE, AT_NOTELF} */ #endif diff --git a/security/Kconfig b/security/Kconfig index f6c0429..64f0da9 100644 
--- a/security/Kconfig +++ b/security/Kconfig @@ -114,6 +114,15 @@ config SECURITY_DEFAULT_MMAP_MIN_ADDR This value can be changed after boot using the /proc/sys/vm/mmap_min_addr tunable. +config SECURITY_AUXV_RANDOM_SIZE + int "Number of pointer-sized random byte strings in AT_RANDOM" + default 4 + help + This value determines how many pointer-sized random byte strings + are provided to programs via the auxv AT_RANDOM vector. It can + be used to initialize random values needed during program load. + + If you are unsure how many to use, answer 4. source security/selinux/Kconfig source security/smack/Kconfig -- 1.5.6.3 -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
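Review bot: In the fs/binfmt_elf.c hunk at -196, k_rand_bytes is an on-stack array of CONFIG_SECURITY_AUXV_RANDOM_SIZE * sizeof(elf_addr_t) bytes, and the Kconfig entry sets no upper bound, so a large setting becomes a large kernel-stack allocation on every exec, while a setting of 0 declares a zero-length array. Suggest bounding the option with a range in security/Kconfig, or filling the user buffer in fixed-size chunks. Separately, u_rand_bytes is declared elf_addr_t __user * although it addresses a byte string; unsigned char __user * would match how it is used.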
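Review bot: The include/linux/auxvec.h hunk removes the blank line between AT_SECURE and AT_BASE_PLATFORM, which is unrelated to this change; please drop that line from the patch so the hunk only adds the two new defines and the AT_VECTOR_SIZE_BASE bump from 18 to 20. The comment on AT_RANDOM could also state that the bytes live on the new program's stack and that the entry is absent when the configured size is 0, since the binfmt_elf.c hunk only emits both entries under if (rand_size).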
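Review bot: The new SECURITY_AUXV_RANDOM_SIZE entry in security/Kconfig is a plain int with no range line, so negative or very large values are accepted at configuration time even though the value sizes an array in create_elf_tables(). Suggest adding a range, and extending the help text to say that 0 disables the AT_RANDOM and AT_RANDOM_SIZE entries and that the byte count is this value times the pointer size, so the same setting yields different amounts on 32-bit and 64-bit.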
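How a userspace consumer could read the two entries this patch defines, as an added example that is not part of the original post or of glibc. It walks a constructed auxv using the tag values from the patch's auxvec.h hunk (25 and 26); the helper, macro and sample names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Tag values as proposed in this patch's include/linux/auxvec.h hunk. */
#define X_AT_NULL        0
#define X_AT_RANDOM_SIZE 25
#define X_AT_RANDOM      26
/* One auxv entry: a (type, value) pair of pointer-sized words. */
struct auxv_ent { uintptr_t type, val; };

/* Hypothetical helper: copy up to outlen kernel-supplied random bytes.
 * Returns the count copied, or 0 if either entry is missing, which is
 * what the patch produces when the configured size is 0. */
size_t auxv_random(const struct auxv_ent *av, unsigned char *out, size_t outlen)
{
    const unsigned char *src = NULL;
    size_t size = 0;
    for (; av->type != X_AT_NULL; av++) {
        if (av->type == X_AT_RANDOM_SIZE)
            size = (size_t)av->val;
        else if (av->type == X_AT_RANDOM)
            src = (const unsigned char *)av->val;
    }
    if (src == NULL || size == 0)
        return 0;               /* caller must use another entropy source */
    if (size > outlen)
        size = outlen;          /* never copy past the caller's buffer */
    memcpy(out, src, size);
    return size;
}

/* Constructed sample data standing in for the bytes placed on the stack. */
static const unsigned char sample[8] = { 0xde, 0xad, 0xbe, 0xef, 1, 2, 3, 4 };

/* Builds a constructed auxv with or without the two new entries. */
size_t demo(int with_random, unsigned char *out, size_t outlen)
{
    struct auxv_ent av[4] = { { 23, 0 } };  /* AT_SECURE; zeroed rest = AT_NULL */
    if (with_random) {
        av[1] = (struct auxv_ent){ X_AT_RANDOM_SIZE, sizeof(sample) };
        av[2] = (struct auxv_ent){ X_AT_RANDOM, (uintptr_t)sample };
    }
    return auxv_random(av, out, outlen);
}

int main(void)
{
    unsigned char buf[16];
    printf("present: %zu\n", demo(1, buf, sizeof buf));
    printf("absent:  %zu\n", demo(0, buf, sizeof buf));
    return 0;
}
```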