[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <55C2AC5B.50408@caviumnetworks.com>
Date: Wed, 5 Aug 2015 17:37:47 -0700
From: David Daney <ddaney@...iumnetworks.com>
To: Leonid Yegoshin <Leonid.Yegoshin@...tec.com>
CC: Paul Burton <paul.burton@...tec.com>, <daniel.sanders@...tec.com>,
<linux-mips@...ux-mips.org>, <cernekee@...il.com>,
<Zubair.Kakakhel@...tec.com>, <geert+renesas@...der.be>,
<david.daney@...ium.com>, <peterz@...radead.org>,
<heiko.carstens@...ibm.com>, <paul.gortmaker@...driver.com>,
<behanw@...verseincode.com>, <macro@...ux-mips.org>,
<cl@...ux.com>, <pkarat@...sta.com>, <linux@...ck-us.net>,
<tkhai@...dex.ru>, <james.hogan@...tec.com>,
<alexinbeijing@...il.com>, <rusty@...tcorp.com.au>,
<Steven.Hill@...tec.com>, <lars.persson@...s.com>,
<aleksey.makarov@...iga.com>, <linux-kernel@...r.kernel.org>,
<ralf@...ux-mips.org>, <luto@...capital.net>,
<dahi@...ux.vnet.ibm.com>, <markos.chandras@...tec.com>,
<eunb.song@...sung.com>, <kumba@...too.org>
Subject: Re: [PATCH v4 3/3] MIPS: set stack/data protection as non-executable
On 08/05/2015 05:23 PM, Leonid Yegoshin wrote:
> On 08/05/2015 05:14 PM, David Daney wrote:
>> On 08/05/2015 05:06 PM, Leonid Yegoshin wrote:
>>> On 08/05/2015 04:55 PM, Paul Burton wrote:
>>>>
>>>>
>>>> As was pointed out last time you posted this, it breaks backwards
>>>> compatibility with userland & thus cannot be applied.
>>>
>>> Never observed since first version.
>>>
>>> In other side, the problem with apps like ssh_keygen is observed in
>>> absence of executable stack protection.
>>
>> You cannot change the default.
>>
>> If your ssh_keygen is broken, get a working version.
>
> It is actually any application which requests non-executable stack
> protection and needs some emulation BEFORE GLIBC cancels that
> non-executable stack protection due to libraries.
>
> If you build all libraries with PT_GNU_STACK 'non-executable' and use
> application with the same protection then you can't emulate even a
> single instruction - it crashes immediately. So, it is not a bad
> application, it is a bad choice for emulation space in past.
>
This just means that your userspace is broken.
If GLibC cannot do the right thing then it should be fixed.
The very first thing that is executed is ld.so, you need to make your
ld.so do the right thing before transferring control to your program's
entry point.
You cannot change the default setting for executable stack just because
you have created a broken userspace.
The ability of legacy userspace to continue functioning cannot be
sacrificed.
David Daney
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists