lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 19 Jul 2009 12:27:05 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Athanasius <link@...gy.org>
cc:	Julien TINNES <jt@....org>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	Greg KH <gregkh@...e.de>,
	Tavis Ormandy <taviso@....lonestar.org>,
	Christoph Hellwig <hch@...radead.org>,
	Kees Cook <kees@...ntu.com>, Eugene Teo <eugene@...hat.com>
Subject: Re: [link@...gy.org: Re: [patch 2/8] personality: fix PER_CLEAR_ON_SETID
 (CVE-2009-1895)]


On Sun, 19 Jul 2009, Athanasius wrote:
> 
>   And it's that "as long as we ..." that still bothers me.  I've *never*
> had any need for any use of this personality feature and this net/tun.c
> exploit has proven there can be security gotchas with it.

I do agree. Some of those features may not be worth the cost.

That said, this particular feature made sense at the time it was 
implemented. Some people really _did_ care about running SVR4 binaries on 
Linux. There was a time when it was seen as a feature, and important 
enough to work with. So that "map a zero page at NULL" was an important 
thing that we wanted such binaries to be able to depend on.

These days? We could probably get rid of that idiotic feature. It's simply 
not important enough any more. Does anybody really care? At the same time, 
over years we've grown _other_ personality flags, and some of them are 
still relevant.

Some binaries are unhappy with address space randomizations. Sometimes 
it's because of outright bugs (that just were hidden by non-randomized VM 
layout) - but that doesn't really help, does it? If you depend on that 
binary, as a user you want the ability to say "run this binary in a mode 
where it works".

Other binaries are unhappy with address space randomization because they 
need to get the absolute maximum contiguous VM space for some big array. 
Ok, so that's less of an issue in 64-bit mode, but there really are 
programs out there that link everything statically and want to run at a 
low virtual address so that they can get 2.5GB of virtual memory for one 
single big allocation. I've written crap like that myself. I'm not _proud_ 
of it, but I could easily see that programs like that could be unhappy if 
the system wiggles mmap's around for security issues.

So I do agree that we can probably get rid of some really dated 
personality bits. But I don't think we can really get rid of the concept. 
Because compatibility is always of paramount importance.

		Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ