lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20090118111831.GA4818@osiris.boeblingen.de.ibm.com>
Date:	Sun, 18 Jan 2009 12:18:31 +0100
From:	Heiko Carstens <heiko.carstens@...ibm.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	linux-arch@...r.kernel.org, linux-kernel@...r.kernel.org,
	Martin Schwidefsky <schwidefsky@...ibm.com>
Subject: SET_PERSONALITY and TASK_SIZE

Hi Andrew,

while debugging I noticed the following comment in fs/binfmt_elf.c:

			/*
			 * The early SET_PERSONALITY here is so that the lookup
			 * for the interpreter happens in the namespace of the 
			 * to-be-execed image.	SET_PERSONALITY can select an
			 * alternate root.
			 *
			 * However, SET_PERSONALITY is NOT allowed to switch
			 * this task into the new images's memory mapping
			 * policy - that is, TASK_SIZE must still evaluate to
			 * that which is appropriate to the execing application.
			 * This is because exit_mmap() needs to have TASK_SIZE
			 * evaluate to the size of the old image.
			 *
			 * So if (say) a 64-bit application is execing a 32-bit
			 * application it is the architecture's responsibility
			 * to defer changing the value of TASK_SIZE until the
			 * switch really is going to happen - do this in
			 * flush_thread().	- akpm
			 */

At least s390 isn't doing the deferred TASK_SIZE switch. Also it seems like
MIPS, PARISC and IA64 don't do it either. However from a quick a view I
couldn't see that exit_mmap depends on TASK_SIZE. So is this still necessary?

And the bug I was looking for is this one: in SET_PERSONALITY we do this:

	if (current->personality != PER_LINUX32)
		set_personality(PER_LINUX);

However we should use the PER_MASK if we want to check for PER_LINUX32,
since there are more bits in the personality flags. In case any of the
'extra' bits is set we may incorrectly set personality to PER_LINUX even
when we want PER_LINUX32.

Looks like more architectures should do something like:

	if (personality(current->personality) != PER_LINUX32)
		...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ