lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 20 Aug 2019 10:57:41 +0100
From:   Dave Martin <Dave.Martin@....com>
To:     linux-kernel@...r.kernel.org
Cc:     linux-arch@...r.kernel.org, Kees Cook <keescook@...omium.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Jann Horn <jannh@...gle.com>, "H.J. Lu" <hjl.tools@...il.com>,
        Eugene Syromiatnikov <esyr@...hat.com>,
        Florian Weimer <fweimer@...hat.com>,
        Yu-cheng Yu <yu-cheng.yu@...el.com>,
        Peter Zijlstra <peterz@...radead.org>
Subject: [RFC PATCH 0/2] ELF: Alternate program property parser

This series is an experimental reimplementation of ELF property parsing
(see NT_GNU_PROPERTY_TYPE_0, [1]) for the ELF loader.

This is intended for comparison / merging with [2] (or could replace it,
if people think this approach is better).

Either way, I'd like to get something in place so that we can build
AArch64 BTI support on top of it.

Any thoughts?


Key differences from [2]:

 * Scanning for the PT_PROGRAM_PROPERTY program header is intergrated
   into the existing scan loops, rather than being done separately.

 * In keeping with the rest of the ELF loader code, error checks are
   kept to a minimum.  Except to avoid buffer overruns, the ELF file is
   not checked for well-formedness.

   As a sanity check, the code still checks for a correct
   NT_GNU_PROPERTY_TYPE_0 note header at the start of the
   PT_PROGRAM_PROPERTY segment, but perhaps this isn't needed either.

 * 1K is statically allocated on the stack for the properties, and if
   the ELF properties are larger than that, the ELF file is rejected
   with ENOEXEC.

   There is no limit defined in [1] for the total size of the
   properties, but common sense seems suggests that 1K is likely to be
   ample space.

 * The properties are found, read and parsed exactly once.  [2] does
   this once _per property_ requested by the arch code: that's not a
   problem today, but it will become inefficient with there are multiple
   properties in the file that the kernel needs to look at.

   Instead, the arch arch_parse_elf_property() hook is called once per
   property found.  To minimise overhead, the arch code can implement
   this hook inline.

   This approach assumes that the number of properties in a given ELF is
   say, no more than 20 or so.  The code could be redesigned in the
   future if/when this iteration becomes an overhead (i.e., probably
   never).


[1] Linux Extensions to gABI
https://github.com/hjl-tools/linux-abi/wiki/Linux-Extensions-to-gABI

[2] [PATCH v8 22/27] binfmt_elf: Extract .note.gnu.property from an ELF file
https://lore.kernel.org/lkml/20190813205225.12032-23-yu-cheng.yu@intel.com/


Dave Martin (2):
  ELF: UAPI and Kconfig additions for ELF program properties
  ELF: Add ELF program property parsing support

 fs/Kconfig.binfmt        |   3 ++
 fs/binfmt_elf.c          | 109 +++++++++++++++++++++++++++++++++++++++++++++++
 fs/compat_binfmt_elf.c   |   4 ++
 include/linux/elf.h      |  21 +++++++++
 include/uapi/linux/elf.h |  11 +++++
 5 files changed, 148 insertions(+)

-- 
2.1.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ