| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LSU.2.21.2004061146590.26870@pobox.suse.cz>
Date: Mon, 6 Apr 2020 11:55:39 +0200 (CEST)
From: Miroslav Benes <mbenes@...e.cz>
To: Josh Poimboeuf <jpoimboe@...hat.com>
cc: Peter Zijlstra <peterz@...radead.org>, jeyu@...nel.org,
linux-kernel@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>,
keescook@...omium.org
Subject: Re: [PATCH] module: Harden STRICT_MODULE_RWX
On Fri, 3 Apr 2020, Josh Poimboeuf wrote:
> On Fri, Apr 03, 2020 at 06:37:16PM +0200, Peter Zijlstra wrote:
> > +{
> > + int i;
> > +
> > + for (i = 0; i < hdr->e_shnum; i++) {
> > + if (sechdrs[i].sh_flags & (SHF_EXECINSTR|SHF_WRITE))
> > + return -ENOEXEC;
>
> I think you only want the error when both are set?
>
> if (sechdrs[i].sh_flags & (SHF_EXECINSTR|SHF_WRITE) == (SHF_EXECINSTR|SHF_WRITE))
A section with SHF_EXECINSTR and SHF_WRITE but without SHF_ALLOC would be
strange though, no? It wouldn't be copied to the final module later
anyway.
Looking at layout_sections()... a section with
SHF_EXECINSTR|SHF_WRITE|SHF_ALLOC would not be counted at all. However,
move_module() later copies everything with SHF_ALLOC flag to the final
module. If there is WXA section, there would be a bug because the
allocation there would not get the correct size. In that case it is
important to error out early as you're proposing.
Am I missing something?
Miroslav
Powered by blists - more mailing lists