lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <55C2AC5B.50408@caviumnetworks.com>
Date:	Wed, 5 Aug 2015 17:37:47 -0700
From:	David Daney <ddaney@...iumnetworks.com>
To:	Leonid Yegoshin <Leonid.Yegoshin@...tec.com>
CC:	Paul Burton <paul.burton@...tec.com>, <daniel.sanders@...tec.com>,
	<linux-mips@...ux-mips.org>, <cernekee@...il.com>,
	<Zubair.Kakakhel@...tec.com>, <geert+renesas@...der.be>,
	<david.daney@...ium.com>, <peterz@...radead.org>,
	<heiko.carstens@...ibm.com>, <paul.gortmaker@...driver.com>,
	<behanw@...verseincode.com>, <macro@...ux-mips.org>,
	<cl@...ux.com>, <pkarat@...sta.com>, <linux@...ck-us.net>,
	<tkhai@...dex.ru>, <james.hogan@...tec.com>,
	<alexinbeijing@...il.com>, <rusty@...tcorp.com.au>,
	<Steven.Hill@...tec.com>, <lars.persson@...s.com>,
	<aleksey.makarov@...iga.com>, <linux-kernel@...r.kernel.org>,
	<ralf@...ux-mips.org>, <luto@...capital.net>,
	<dahi@...ux.vnet.ibm.com>, <markos.chandras@...tec.com>,
	<eunb.song@...sung.com>, <kumba@...too.org>
Subject: Re: [PATCH v4 3/3] MIPS: set stack/data protection as non-executable

On 08/05/2015 05:23 PM, Leonid Yegoshin wrote:
> On 08/05/2015 05:14 PM, David Daney wrote:
>> On 08/05/2015 05:06 PM, Leonid Yegoshin wrote:
>>> On 08/05/2015 04:55 PM, Paul Burton wrote:
>>>>
>>>>
>>>> As was pointed out last time you posted this, it breaks backwards
>>>> compatibility with userland & thus cannot be applied.
>>>
>>> Never observed since first version.
>>>
>>> In other side, the problem with apps like ssh_keygen is observed in
>>> absence of executable stack protection.
>>
>> You cannot change the default.
>>
>> If your ssh_keygen is broken, get a working version.
>
> It is actually any application which requests non-executable stack
> protection and needs some emulation BEFORE GLIBC cancels that
> non-executable stack protection due to libraries.
>
> If you build all libraries with PT_GNU_STACK 'non-executable' and use
> application with the same protection then you can't emulate even a
> single instruction - it crashes immediately. So, it is not a bad
> application, it is a bad choice for emulation space in past.
>

This just means that your userspace is broken.

If GLibC cannot do the right thing then it should be fixed.

The very first thing that is executed is ld.so, you need to make your 
ld.so do the right thing before transferring control to your program's 
entry point.

You cannot change the default setting for executable stack just because 
you have created a broken userspace.

The ability of legacy userspace to continue functioning cannot be 
sacrificed.

David Daney
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ