lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 1 Mar 2011 06:33:21 +0100
From:	Frank Heckenbach <f.heckenbach@...soft.de>
To:	linux-kernel@...r.kernel.org, jkosina@...e.cz
Subject: Re: brk() should check
	randomize_va_space rather then CONFIG_COMPAT_BRK

Jiri Kosina wrote:

> On Mon, 28 Feb 2011, Jiri Kosina wrote:
> 
> > how do you avoid race here?
> > 
> > More precisely -- randomize_va_space can be changed in runtime, when 
> > already running processess have been started with different 
> > randomize_va_space value (and thus the shifting of mm->brk already 
> > happened in arch_randomize_brk())

I see. So would it help setting mm->brk = mm->start_brk =
mm->end_code if randomize_va_space < 2 in load_elf_binary() (and
elsewhere if needed -- not sure if other binformats are affected)?

> Oh, and also see the commit
> 
> 	commit 5520e89485252c759ee60d313e9422447659947b
> 	Author: Jiri Kosina <jkosina@...e.cz>
> 	Date:   Thu Jan 13 15:47:23 2011 -0800
> 
> 	    brk: fix min_brk lower bound computation for COMPAT_BRK
> 
> which is quite relevant here as well

AFAICS, this patch only changes the CONFIG_COMPAT_BRK case. I'm more
interested in the !CONFIG_COMPAT_BRK case (since my old binaries
work with CONFIG_COMPAT_BRK as is). Since e.g., Debian's default
kernel doesn't set CONFIG_COMPAT_BRK, I had hoped I could get them
to run by setting randomize_va_space to 0 or 1.

> (and you seem to be sending patch
> against code that doesn't have this patch applied).

Well, I used the last stable release; I hadn't noticed there was a
more recent change, sorry.

Frank
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ