| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Nov 2019 00:36:03 +0300
From: Alexey Dobriyan <adobriyan@...il.com>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org,
security@...nel.org, ben.dooks@...ethink.co.uk
Subject: Re: [PATCH] ELF: warn if process starts with executable stack
On Mon, Nov 18, 2019 at 12:54:57PM -0800, Andrew Morton wrote:
> On Mon, 18 Nov 2019 17:51:15 +0300 Alexey Dobriyan <adobriyan@...il.com> wrote:
>
> > PT_GNU_STACK is fail open design,
>
> Not sure what this means. Please expand on the motivation for this
> change.
>
> > at least warn people that something
> > isn't right.
>
> People who use an executable stack get a kernel splat. How is that
> useful?
There were two stories about silent downgrade to an executable stack:
1)
compiling .S file and linking it to normal code:
$ cat f.S
.intel_syntax noprefix
.text
.globl f
f:
ret
will silently add PT_GNU_STACK segment with RWE permissions
2)
closures with nested functions will require executable stack
https://nullprogram.com/blog/2019/11/15/
> > --- a/fs/exec.c
> > +++ b/fs/exec.c
> > @@ -762,6 +762,13 @@ int setup_arg_pages(struct linux_binprm *bprm,
> > goto out_unlock;
> > BUG_ON(prev != vma);
> >
> > +#ifdef CONFIG_MMU
This code is already under CONFIG_MMU. I'll resend.
Powered by blists - more mailing lists