lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 16 Jul 2010 15:12:39 -0500
From:	Rob Landley <rob@...dley.net>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	linux-kernel@...r.kernel.org
Subject: Question about binfmt_elf.c

Could somebody please update this comment to explain why fiddling with 
strangely protected bss is _not_ an easy way to leak arbitrary amounts of 
uninitalized kernel memory (with whatever previous contents they have) to 
userspace?

    nbyte = ELF_PAGEOFFSET(elf_bss);
    if (nbyte) {
            nbyte = ELF_MIN_ALIGN - nbyte;
            if (nbyte > elf_brk - elf_bss)
                        nbyte = elf_brk - elf_bss;
            if (clear_user((void __user *)elf_bss +
                                    load_bias, nbyte)) {
                    /*
                     * This bss-zeroing can fail if the ELF
                     * file specifies odd protections. So
                     * we don't check the return value
                      */
            }
    }

Just curious.  Reading through the code and trying to understand it...

Rob
-- 
GPLv3: as worthy a successor as The Phantom Meanace, as timely as Duke Nukem 
Forever, and as welcome as New Coke.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ