| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160517203154.GA15566@kroah.com>
Date: Tue, 17 May 2016 13:31:54 -0700
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: "Jon Medhurst (Tixy)" <tixy@...aro.org>
Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org,
Kees Cook <keescook@...omium.org>,
Catalin Marinas <catalin.marinas@....com>,
Guenter Roeck <linux@...ck-us.net>,
Arun Chandran <achandran@...sta.com>
Subject: Re: [PATCH 3.14 17/17] arm64: Make arch_randomize_brk avoid stack
area
On Tue, May 17, 2016 at 10:49:23AM +0100, Jon Medhurst (Tixy) wrote:
> On Mon, 2016-05-16 at 18:14 -0700, Greg Kroah-Hartman wrote:
> > 3.14-stable review patch. If anyone has any objections, please let me know.
>
> As reported by Guenter Roeck, this patch doesn't compile on 3.14 because
> it deleted randomize_base which is still used by the macro
> ELF_ET_DYN_BASE. That use was removed in 3.18 by commit 92980405f353
> ("arm64: ASLR: Don't randomise text when randomise_va_space == 0")
>
> Looking at that commit it seems to be what caused the bug $subject patch
> fixes because it stopped the arm64 implementation putting loaded
> binaries 2/3rds the way up a task's address range.
>
> So it seems to me, either $subject patch should only be applied to
> Linux versions 3.18 through 4.0 inclusive; or the fix in commit
> 92980405f353 also needs backporting to stable kernels before 3.18. (Or
> some more other solution.)
Thanks, I'll just drop this from 3.14-stable, as it doesn't seem to make
much sense for it to be backported there.
greg k-h
Powered by blists - more mailing lists