| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180208115559.GA31316@saruman>
Date: Thu, 8 Feb 2018 11:55:59 +0000
From: James Hogan <jhogan@...nel.org>
To: Miodrag Dinic <Miodrag.Dinic@...s.com>
Cc: Paul Burton <Paul.Burton@...s.com>,
Maciej Rozycki <Maciej.Rozycki@...s.com>,
Aleksandar Markovic <aleksandar.markovic@...rk.com>,
Aleksandar Markovic <Aleksandar.Markovic@...s.com>,
David Daney <ddaney@...iumnetworks.com>,
"linux-mips@...ux-mips.org" <linux-mips@...ux-mips.org>,
Andrew Morton <akpm@...ux-foundation.org>,
DengCheng Zhu <DengCheng.Zhu@...s.com>,
Ding Tianhong <dingtianhong@...wei.com>,
Douglas Leung <Douglas.Leung@...s.com>,
Frederic Weisbecker <frederic@...nel.org>,
Goran Ferenc <Goran.Ferenc@...s.com>,
Ingo Molnar <mingo@...nel.org>,
James Cowgill <James.Cowgill@...tec.com>,
Jonathan Corbet <corbet@....net>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Marc Zyngier <marc.zyngier@....com>,
Matt Redfearn <Matt.Redfearn@...s.com>,
Mimi Zohar <zohar@...ux.vnet.ibm.com>,
"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
Petar Jovanovic <Petar.Jovanovic@...s.com>,
Raghu Gandham <Raghu.Gandham@...s.com>,
Ralf Baechle <ralf@...ux-mips.org>,
Thomas Gleixner <tglx@...utronix.de>,
Tom Saeger <tom.saeger@...cle.com>
Subject: Re: [PATCH v2] MIPS: Add nonxstack=on|off kernel parameter
Hi,
On Thu, Dec 07, 2017 at 11:33:47AM +0000, Miodrag Dinic wrote:
> > On Wed, Dec 06, 2017 at 05:50:52PM +0000, Maciej W. Rozycki wrote:
> > > What problem are you trying to solve anyway? Is it not something that
> > > can be handled with the `execstack' utility?
> >
> > The commit message states that for Android "non-exec stack is required".
> > Is Android checking that then Aleksandar? If so, how?
>
> Android is using SELinux configured to disallow NX mappings by handling
> the following sepolicy rules :
> * Executable stack (execstack)
> * Executable heap (execheap)
> * File-based executable code which has been modified (execmod)
> * All other executable memory (execmem)
...
> The effect of not having some workaround like this in the kernel, would
> be to run Android only in SELinux permissive mode.
So you want to override the lack of RIXI so that SELinux sees an
RX->RW->RX transition as execmod instead of execmem (since without RIXI
its effectively RX->RWX->RX which is execmem)?
Looking at file_map_prot_check(), it does the execmem check on this
condition:
if (default_noexec &&
(prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
(!shared && (prot & PROT_WRITE)))) {
/*
* We are making executable an anonymous mapping or a
* private file mapping that will also be writable.
* This has an additional check.
*/
default_noexec is set if VM_DATA_DEFAULT_FLAGS doesn't have the exec
flag set, and that flag depends on current->personality &
READ_IMPLIES_EXEC, which depends on elf_read_implies_exec(), i.e.
mips_elf_read_implies_exec(), and that should already return 1 if RIXI
is unavailable.
I.e.
mips_elf_read_implies_exec() == 1
elf_read_implies_exec() == 1
READ_IMPLIES_EXEC will be set in current->personality
VM_DATA_DEFAULT_FLAGS will have VM_EXEC set
default_noexec will be set to 0 in selinux_init()
none of the execmem, execheap, execstack, execmod permission
checks should take place.
So whats the problem exactly? Perhaps I misinterpreted something.
Cheers
James
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists