| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201010050648.o956m7r6094121@www262.sakura.ne.jp> Date: Tue, 05 Oct 2010 15:48:07 +0900 From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> To: kosaki.motohiro@...fujitsu.com Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: Is it legal to return positive value when do_execve() succeeds? KOSAKI Motohiro wrote: > > Thus, I think retval could be > > ELF_PAGEALIGN(elf_bss + load_bias) if elf_bss + load_bias is bogus. > > What's mean bogus? > do_brk() call get_unmapped_area() and it check an argument is correctly > unmapped and userland address. If elf_bss + load_bias point to invalid > address, set_brk doesn't return elf_bss+load_bias. > > > > I'm OK with this if it is guaranteed that elf_bss + load_bias is always valid > > and set_brk() never returns ELF_PAGEALIGN(elf_bss + load_bias). > > I think elf_bss + load_bias could be invalid (i.e. >TASK_SIZE). > but set_brk can detect it. > Indeed. Then, we can replace BAD_ADDR() with IS_ERR_VALUE() as you proposed. Well... who returns positive value when do_execve() succeeds? Nobody? Then, I wonder why search_binary_handler() is designed to return positive value... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists