lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <564E5232.201@nod.at>
Date:	Thu, 19 Nov 2015 23:50:26 +0100
From:	Richard Weinberger <richard@....at>
To:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Cc:	Linux-Arch <linux-arch@...r.kernel.org>, octavian.purdila@...el.com
Subject: [RFC] Limiting linker scope

Hi!

UML recently had an interesting bug[1] where the host side of UML
tried to call sigsuspend() but as the kernel itself offers a function
with the same name it called sigsuspend() on
the UML kernel side and funny things happened.

The root cause of the problem is that the UML links userspace
code like glibc, libpcap, etc. to the kernel image and symbols can
clash. Especially if one side is a shared library it will not noticed
at compile time.

As this is not the first bug of this kind I'm facing on UML I've
started to think how to deal with that.

Is it somehow possible to limit the linker scope?
Such that we can force LD no not blindly link every symbols of
vmlinux into another object? Maybe using a white list?
I have do admit I've never used LD scripts nor GNU export maps,
maybe they can help. Currently I'm reading their docs and hope
to find a way to implement my idea.

The problem is also not specific to UML, the emerging Linux Kernel
Library will suffer from the same issue.
As random programs will link the kernel as library the chance is
high to face similar symbol conflicts.

Maybe we can also find a nice generic solution to limit the linker
scope within the kernel. Such that it does not hurt when a random device
driver exports a symbol like "i".
It would also help to define subsystem interface more strict manner.

Thanks,
//richard

[1] https://lkml.org/lkml/2015/11/16/601
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ