lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGXu5jKdjA+RiZAR4_YMqZyjGJKN2a0pU44CAtpmTBCSMDfEBA@mail.gmail.com>
Date:   Fri, 3 Nov 2017 17:42:35 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Rob Landley <rob@...dley.net>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        toybox@...ts.landley.net, enh@...il.com
Subject: Re: Regression: commit da029c11e6b1 broke toybox xargs.

On Fri, Nov 3, 2017 at 4:58 PM, Rob Landley <rob@...dley.net> wrote:
> But this just broke my _fix_, not the earlier deployed stuff. I removed
> the size measuring code when the 131072 limit went away, the bug was
> there's a new limit I need to not hit, I tried to figure out what the
> limit is now, confirmed that the various libc implementations don't
> agree, then the actual kernel limit changed again while I was looking at it.

In the fix you landed (to include env in size calculations -- which
didn't change recently), you also included the pointer size itself in
the calculation, so

commit 98da7d08850f ("fs/exec.c: account for argv/envp pointers")

should be handled.

If we didn't do the "but no more than 75% of _STK_LIM", and moved to
something like "check stack utilization after loading the binary", we
end up in the position where the kernel is past the point of no return
(so instead of E2BIG, the execve()ing process just SEGVs), which is
much harder to debug or recover from (i.e. there's no process left to
return from the execve() from). We could, however, limit that behavior
to setuid processes? I'm open to whatever Linus says here.

FWIW, I have a lightly tested alternative here (should be visible shortly):
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=kspp/stack-size

-Kees

-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ