lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 5 Aug 2015 17:40:32 -0700
From:	Paul Burton <paul.burton@...tec.com>
To:	Leonid Yegoshin <Leonid.Yegoshin@...tec.com>
CC:	David Daney <ddaney@...iumnetworks.com>,
	<daniel.sanders@...tec.com>, <linux-mips@...ux-mips.org>,
	<cernekee@...il.com>, <Zubair.Kakakhel@...tec.com>,
	<geert+renesas@...der.be>, <david.daney@...ium.com>,
	<peterz@...radead.org>, <heiko.carstens@...ibm.com>,
	<paul.gortmaker@...driver.com>, <behanw@...verseincode.com>,
	<macro@...ux-mips.org>, <cl@...ux.com>, <pkarat@...sta.com>,
	<linux@...ck-us.net>, <tkhai@...dex.ru>, <james.hogan@...tec.com>,
	<alexinbeijing@...il.com>, <rusty@...tcorp.com.au>,
	<Steven.Hill@...tec.com>, <lars.persson@...s.com>,
	<aleksey.makarov@...iga.com>, <linux-kernel@...r.kernel.org>,
	<ralf@...ux-mips.org>, <luto@...capital.net>,
	<dahi@...ux.vnet.ibm.com>, <markos.chandras@...tec.com>,
	<eunb.song@...sung.com>, <kumba@...too.org>
Subject: Re: [PATCH v4 3/3] MIPS: set stack/data protection as non-executable

On Wed, Aug 05, 2015 at 05:23:55PM -0700, Leonid Yegoshin wrote:
> It is actually any application which requests non-executable stack
> protection and needs some emulation BEFORE GLIBC cancels that non-executable
> stack protection due to libraries.
> 
> If you build all libraries with PT_GNU_STACK 'non-executable' and use
> application with the same protection then you can't emulate even a single
> instruction - it crashes immediately. So, it is not a bad application, it is
> a bad choice for emulation space in past.

...snip...

> Create a buildroot FS with PT_GNU_STACK 'non-executable' libraries. Then run
> ssh_keygen on CPU without FPU and look.
> 
> You also may try to run MIPS R2 Debian on MIPS R6 CPU, and see a spectacular
> failure of ssh_keygen (it tries to emulate MIPS R2 instruction before first
> library is loaded and that fails due to non-executable stack protection.

All of that sounds like perfectly valid reasons to move the FP branch
delay emulation away from using the stack, which we absolutely do need
to do. They do not however justify changing the default flags & breaking
backwards compatibility.

Thanks,
    Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists