| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160217052010.GA49233@davidb.org> Date: Tue, 16 Feb 2016 22:20:10 -0700 From: David Brown <david.brown@...aro.org> To: Kees Cook <keescook@...omium.org> Cc: Russell King <linux@....linux.org.uk>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Ingo Molnar <mingo@...hat.com>, Andy Lutomirski <luto@...capital.net>, "H. Peter Anvin" <hpa@...or.com>, Michael Ellerman <mpe@...erman.id.au>, Mathias Krause <minipli@...glemail.com>, Thomas Gleixner <tglx@...utronix.de>, "x86@...nel.org" <x86@...nel.org>, Arnd Bergmann <arnd@...db.de>, PaX Team <pageexec@...email.hu>, Emese Revfy <re.emese@...il.com>, LKML <linux-kernel@...r.kernel.org>, linux-arch <linux-arch@...r.kernel.org> Subject: Re: [PATCH] ARM: vdso: Mark vDSO code as read-only On Tue, Feb 16, 2016 at 01:52:33PM -0800, Kees Cook wrote: >On Tue, Feb 16, 2016 at 1:36 PM, David Brown <david.brown@...aro.org> wrote: >> Although the arm vDSO is cleanly separated by code/data with the code >> being read-only in userspace mappings, the code page is still writable >> from the kernel. There have been exploits (such as >> http://itszn.com/blog/?p=21) that take advantage of this on x86 to go >> from a bad kernel write to full root. >> >> Prevent this specific exploit on arm by putting the vDSO code page in >> post-init read-only memory as well. > >Is the vdso dynamically built at init time like on x86, or can this >just use .rodata directly? On ARM, it is patched during init. Arm64's is just plain read-only. David
Powered by blists - more mailing lists