| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jKkPJAHezzX1o0wQySaHLjYW-muGJ8W0XeDGvvsn0h3Zg@mail.gmail.com> Date: Wed, 11 May 2016 19:11:57 -0700 From: Kees Cook <keescook@...omium.org> To: Andi Kleen <ak@...ux.intel.com> Cc: Hector Marco-Gisbert <hecmargi@....es>, Andy Lutomirski <luto@...nel.org>, LKML <linux-kernel@...r.kernel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "H. Peter Anvin" <hpa@...or.com>, "x86@...nel.org" <x86@...nel.org>, Brian Gerst <brgerst@...il.com>, Borislav Petkov <bp@...e.de>, Huaitong Han <huaitong.han@...el.com>, Ismael Ripoll Ripoll <iripoll@....es> Subject: Re: [PATCH] x86_64: Disabling read-implies-exec when the stack is executable On Wed, May 11, 2016 at 3:40 PM, Andi Kleen <ak@...ux.intel.com> wrote: >> However, I would tend to agree: RIE should only be needed on 32-bit >> since 64-bit started its life knowing about no-exec permissions. > > NX was not in the original AMD K8 chips. Was only added some time later. So we should retain this behavior for all of 64-bit? >> set_personality_64bit()'s (which is confusingly just an initializer >> and not called during the personality() syscall) comment about this >> makes no sense to me: >> >> /* TBD: overwrites user setup. Should have two bits. >> But 64bit processes have always behaved this way, >> so it's not too bad. The main problem is just that >> 32bit childs are affected again. */ >> current->personality &= ~READ_IMPLIES_EXEC; > > What does not make sense? I just don't have enough context to make sense of it. What two bits? Always behaved what way?Affected by what? -Kees -- Kees Cook Chrome OS & Brillo Security
Powered by blists - more mailing lists