Date:	Mon, 3 Oct 2011 11:42:09 -0400
From:	Josh Boyer <jwboyer@...hat.com>
To:	Jiri Kosina <jkosina@...e.cz>
Cc:	Nicolas Pitre <nicolas.pitre@...aro.org>,
	Andrew Morton <akpm00@...il.com>, Ingo Molnar <mingo@...e.hu>,
	hongjiu.lu@...el.com, linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Russell King <rmk@....linux.org.uk>
Subject: Re: [PATCH v2] binfmt_elf: Fix PIE execution with randomization disabled (was Re: [RFC PATCH] binfmt_elf: Fix PIE execution with randomization disabled)

On Mon, Oct 03, 2011 at 05:11:47PM +0200, Jiri Kosina wrote:
> > I was mostly just trying to adapt H.J.'s patch to account for the
> > PF_RANDOMIZE case.  Looking at it a bit more, I'm not sure why they
> > would need to be different.  H.J., do you recall why you made that
> > change originally?
> 
> How about the patch below instead? It survives my testing, and I believe 
> it handles both cases properly.
> 
> Confirmation from the original bug reporter would obviously be a nice 
> bonus too :)

I built an F15 kernel with this patch included.  The testcase included
in the original bug report seems to run with and without randomization
enabled.  Looking at the ldd output on the binary shows that both cases
are working appropriately as well.

I'm happy to add my Acked-by below, but it would be nice if H.J.
confirmed as well.

> From: Jiri Kosina <jkosina@...e.cz>
> Subject: [PATCH] binfmt_elf: fix PIE execution with randomization disabled
> 
> The case of address space randomization being disabled in runtime through
> randomize_va_space sysctl is not treated properly in load_elf_binary(),
> resulting in SIGKILL coming at exec() time for certain PIE-linked binaries
> in case the randomization has been disabled at runtime prior to calling
> exec().
> 
> Handle the randomize_va_space == 0 case the same way as if we were not
> supporting .text randomization at all.
> 
> Based on original patch by H.J. Lu <hongjiu.lu@...el.com> and
> Josh Boyer <jwboyer@...hat.com>
> 
> Cc: Ingo Molnar <mingo@...e.hu>
> Cc: Jiri Kosina <jkosina@...e.cz>
> Cc: Nicolas Pitre <nicolas.pitre@...aro.org>
> Cc: Russell King <rmk@....linux.org.uk>
> Signed-off-by: Jiri Kosina <jkosina@...e.cz>

Acked-by: Josh Boyer <jwboyer@...hat.com>

> ---
>  fs/binfmt_elf.c |    5 ++++-
>  1 files changed, 4 insertions(+), 1 deletions(-)
> 
> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index dd0fdfc..bb11fe4 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -795,7 +795,10 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
>  			 * might try to exec.  This is because the brk will
>  			 * follow the loader, and is not movable.  */
>  #if defined(CONFIG_X86) || defined(CONFIG_ARM)
> -			load_bias = 0;
> +			if (current->flags & PF_RANDOMIZE)
> +				load_bias = 0;
> +			else
> +				load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
>  #else
>  			load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
>  #endif
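Review bot: the comment carried as leading context in this hunk ("the brk will follow the loader, and is not movable") still reads as the justification for an unconditional `load_bias = 0;` on x86/ARM, but after the change the zero bias is only taken when `current->flags & PF_RANDOMIZE` is set; adding one line to that comment saying that with randomization off (randomize_va_space == 0) the binary is placed at ELF_ET_DYN_BASE exactly as on the other architectures would keep the comment accurate. Minor: `load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);` now appears twice, in the new `else` branch and under `#else`; assigning it unconditionally before the `#if defined(CONFIG_X86) || defined(CONFIG_ARM)` block and overriding with `load_bias = 0;` inside that block only when PF_RANDOMIZE is set would remove the duplication and leave a single place to read the default.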
> 
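The binaries affected by the bug above are PIE executables (ELF type ET_DYN carrying a PT_INTERP program header) run on a kernel whose randomize_va_space sysctl has been set to 0. The following is an added example, not code from this thread or from the kernel tree: it parses the ELF header and program headers to tell a PIE from a fixed-position executable or a plain shared object, and reads the sysctl so an administrator can see which combination a host is in. The sample ELF images are constructed in-process; the interpreter path and machine type used in them are assumptions for illustration.

```python
"""Classify ELF files as PIE / fixed-position / shared object and report
the kernel.randomize_va_space setting (added example, not part of the
original thread or the kernel sources)."""
import struct
from pathlib import Path

ET_EXEC, ET_DYN = 2, 3          # e_type values from the ELF specification
PT_LOAD, PT_INTERP = 1, 3       # p_type values
EM_X86_64 = 62                  # assumed machine type for the constructed samples


def parse_elf(data: bytes) -> dict:
    """Return e_type, ELF class and whether a PT_INTERP header is present."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS/EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    if ei_class == 2:                                   # ELFCLASS64
        ehdr_fmt = endian + "HHIQQQIHHHHHH"              # fields after e_ident
        phdr_fmt = endian + "IIQQQQQQ"                   # p_type is first
    else:                                               # ELFCLASS32
        ehdr_fmt = endian + "HHIIIIIHHHHHH"
        phdr_fmt = endian + "IIIIIIII"                   # p_type is first
    fields = struct.unpack_from(ehdr_fmt, data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = fields[0], fields[4], fields[8], fields[9]
    has_interp = False
    for i in range(e_phnum):
        p_type = struct.unpack_from(phdr_fmt, data, e_phoff + i * e_phentsize)[0]
        if p_type == PT_INTERP:
            has_interp = True
    return {"e_type": e_type, "class": 64 if ei_class == 2 else 32,
            "has_interp": has_interp}


def classify(info: dict) -> str:
    """The kernel's load-bias path keys on ET_DYN; PT_INTERP is the usual
    (heuristic) way to tell a dynamically linked PIE from a shared library."""
    if info["e_type"] == ET_EXEC:
        return "fixed-position executable"
    if info["e_type"] == ET_DYN and info["has_interp"]:
        return "PIE executable"
    if info["e_type"] == ET_DYN:
        return "shared object (no interpreter)"
    return "other"


def randomize_va_space(path: str = "/proc/sys/kernel/randomize_va_space"):
    """0 = ASLR off, 1 = stack/mmap/vdso randomized, 2 = brk randomized too.
    Returns None where the sysctl cannot be read (non-Linux, sandbox)."""
    try:
        return int(Path(path).read_text().strip())
    except (OSError, ValueError):
        return None


def build_sample_elf64(e_type: int, with_interp: bool) -> bytes:
    """Construct a minimal little-endian ELF64 image (constructed test data,
    not a real binary): header, optional PT_INTERP, one PT_LOAD."""
    interp = b"/lib64/ld-linux-x86-64.so.2\0"           # assumed interpreter path
    phnum = 2 if with_interp else 1
    phoff, phentsize = 64, 56
    interp_off = phoff + phnum * phentsize
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # 64-bit, LE, version 1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, EM_X86_64, 1, 0x1000,
                               phoff, 0, 0, 64, phentsize, phnum, 64, 0, 0)
    phdrs = b""
    if with_interp:
        phdrs += struct.pack("<IIQQQQQQ", PT_INTERP, 4, interp_off, interp_off,
                             interp_off, len(interp), len(interp), 1)
    phdrs += struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, 0, 0, 0x2000, 0x2000, 0x1000)
    return ehdr + phdrs + interp


if __name__ == "__main__":
    for name, image in (("pie", build_sample_elf64(ET_DYN, True)),
                        ("exec", build_sample_elf64(ET_EXEC, False)),
                        ("solib", build_sample_elf64(ET_DYN, False))):
        print(f"{name:6s} -> {classify(parse_elf(image))}")
    print("kernel.randomize_va_space =", randomize_va_space())
```

To audit real files, replace the constructed images with `Path(p).read_bytes()`; a host reporting `randomize_va_space = 0` together with PIE executables is the configuration the patch addresses.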