Date:	Wed, 5 Aug 2015 17:37:47 -0700
From:	David Daney <ddaney@...iumnetworks.com>
To:	Leonid Yegoshin <Leonid.Yegoshin@...tec.com>
CC:	Paul Burton <paul.burton@...tec.com>, <daniel.sanders@...tec.com>,
	<linux-mips@...ux-mips.org>, <cernekee@...il.com>,
	<Zubair.Kakakhel@...tec.com>, <geert+renesas@...der.be>,
	<david.daney@...ium.com>, <peterz@...radead.org>,
	<heiko.carstens@...ibm.com>, <paul.gortmaker@...driver.com>,
	<behanw@...verseincode.com>, <macro@...ux-mips.org>,
	<cl@...ux.com>, <pkarat@...sta.com>, <linux@...ck-us.net>,
	<tkhai@...dex.ru>, <james.hogan@...tec.com>,
	<alexinbeijing@...il.com>, <rusty@...tcorp.com.au>,
	<Steven.Hill@...tec.com>, <lars.persson@...s.com>,
	<aleksey.makarov@...iga.com>, <linux-kernel@...r.kernel.org>,
	<ralf@...ux-mips.org>, <luto@...capital.net>,
	<dahi@...ux.vnet.ibm.com>, <markos.chandras@...tec.com>,
	<eunb.song@...sung.com>, <kumba@...too.org>
Subject: Re: [PATCH v4 3/3] MIPS: set stack/data protection as non-executable

On 08/05/2015 05:23 PM, Leonid Yegoshin wrote:
> On 08/05/2015 05:14 PM, David Daney wrote:
>> On 08/05/2015 05:06 PM, Leonid Yegoshin wrote:
>>> On 08/05/2015 04:55 PM, Paul Burton wrote:
>>>>
>>>>
>>>> As was pointed out last time you posted this, it breaks backwards
>>>> compatibility with userland & thus cannot be applied.
>>>
>>> Never observed since first version.
>>>
>>> On the other side, the problem with apps like ssh_keygen is observed in
>>> the absence of executable stack protection.
>>
>> You cannot change the default.
>>
>> If your ssh_keygen is broken, get a working version.
>
> It is actually any application which requests non-executable stack
> protection and needs some emulation BEFORE GLIBC cancels that
> non-executable stack protection due to libraries.
>
> If you build all libraries with PT_GNU_STACK 'non-executable' and use
> an application with the same protection then you can't emulate even a
> single instruction - it crashes immediately. So, it is not a bad
> application, it is a bad choice for emulation space in the past.
>

This just means that your userspace is broken.

If GLibC cannot do the right thing then it should be fixed.

The very first thing that is executed is ld.so, you need to make your 
ld.so do the right thing before transferring control to your program's 
entry point.

You cannot change the default setting for executable stack just because 
you have created a broken userspace.

The ability of legacy userspace to continue functioning cannot be 
sacrificed.

David Daney
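
The disagreement in this thread turns on the PT_GNU_STACK program header: an object that carries it states whether it wants an executable stack, and an object without it falls back to the kernel's architecture default. As an added example (not part of the original message or of the patch), the following reads that header from an ELF image so binaries and libraries can be audited for it; the function names and the sample image are constructed for illustration.

```python
import struct

PT_GNU_STACK = 0x6474E551   # program header type carrying the stack permissions
PF_X = 0x1                  # execute bit in p_flags

def gnu_stack_flags(data):
    """Return p_flags of PT_GNU_STACK, or None if the header is absent."""
    if len(data) < 0x34 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: MIPS is commonly big-endian
    if is64:
        e_phoff, = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        e_phoff, = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from(end + "I", data, off)
        if p_type == PT_GNU_STACK:
            # p_flags sits at offset 4 in Elf64_Phdr and offset 24 in Elf32_Phdr
            flags, = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
            return flags
    return None

def stack_policy(data):
    """Classify an ELF image as 'noexec', 'exec' or 'default' (no header)."""
    flags = gnu_stack_flags(data)
    if flags is None:
        return "default"    # legacy object: the kernel's default decides
    return "exec" if flags & PF_X else "noexec"

def sample_elf32_be(stack_flags=None):
    """Constructed ELF32 big-endian MIPS image with a single program header."""
    p_type, p_flags = (1, 5) if stack_flags is None else (PT_GNU_STACK, stack_flags)
    ehdr = b"\x7fELF" + bytes([1, 2, 1]) + bytes(9) + struct.pack(
        ">HHIIIIIHHHHHH", 2, 8, 1, 0, 0x34, 0, 0, 0x34, 32, 1, 0, 0, 0)
    phdr = struct.pack(">IIIIIIII", p_type, 0, 0, 0, 0, 0, p_flags, 0)
    return ehdr + phdr

if __name__ == "__main__":
    for label, img in (("RW", sample_elf32_be(6)), ("RWX", sample_elf32_be(7)),
                       ("no header", sample_elf32_be())):
        print(label, "->", stack_policy(img))
```

Running `stack_policy` over the main executable and each shared library it loads shows which objects are marked for a non-executable stack and which still depend on the default.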