| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <55C2A91B.1090704@imgtec.com> Date: Wed, 5 Aug 2015 17:23:55 -0700 From: Leonid Yegoshin <Leonid.Yegoshin@...tec.com> To: David Daney <ddaney@...iumnetworks.com> CC: Paul Burton <paul.burton@...tec.com>, <daniel.sanders@...tec.com>, <linux-mips@...ux-mips.org>, <cernekee@...il.com>, <Zubair.Kakakhel@...tec.com>, <geert+renesas@...der.be>, <david.daney@...ium.com>, <peterz@...radead.org>, <heiko.carstens@...ibm.com>, <paul.gortmaker@...driver.com>, <behanw@...verseincode.com>, <macro@...ux-mips.org>, <cl@...ux.com>, <pkarat@...sta.com>, <linux@...ck-us.net>, <tkhai@...dex.ru>, <james.hogan@...tec.com>, <alexinbeijing@...il.com>, <rusty@...tcorp.com.au>, <Steven.Hill@...tec.com>, <lars.persson@...s.com>, <aleksey.makarov@...iga.com>, <linux-kernel@...r.kernel.org>, <ralf@...ux-mips.org>, <luto@...capital.net>, <dahi@...ux.vnet.ibm.com>, <markos.chandras@...tec.com>, <eunb.song@...sung.com>, <kumba@...too.org> Subject: Re: [PATCH v4 3/3] MIPS: set stack/data protection as non-executable On 08/05/2015 05:14 PM, David Daney wrote: > On 08/05/2015 05:06 PM, Leonid Yegoshin wrote: >> On 08/05/2015 04:55 PM, Paul Burton wrote: >>> >>> >>> As was pointed out last time you posted this, it breaks backwards >>> compatibility with userland & thus cannot be applied. >> >> Never observed since first version. >> >> In other side, the problem with apps like ssh_keygen is observed in >> absence of executable stack protection. > > You cannot change the default. > > If your ssh_keygen is broken, get a working version. It is actually any application which requests non-executable stack protection and needs some emulation BEFORE GLIBC cancels that non-executable stack protection due to libraries. If you build all libraries with PT_GNU_STACK 'non-executable' and use application with the same protection then you can't emulate even a single instruction - it crashes immediately. So, it is not a bad application, it is a bad choice for emulation space in past. > > I have never had a problem running ssh_keygen (on platforms requiring > emulation). Create a buildroot FS with PT_GNU_STACK 'non-executable' libraries. Then run ssh_keygen on CPU without FPU and look. You also may try to run MIPS R2 Debian on MIPS R6 CPU, and see a spectacular failure of ssh_keygen (it tries to emulate MIPS R2 instruction before first library is loaded and that fails due to non-executable stack protection. - Leonid. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists