| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200811172738.2d632a09@coco.lan>
Date: Tue, 11 Aug 2020 17:27:38 +0200
From: Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
To: peterz@...radead.org
Cc: Jessica Yu <jeyu@...nel.org>, linux-kernel@...r.kernel.org,
Thomas Gleixner <tglx@...utronix.de>, keescook@...omium.org,
Josh Poimboeuf <jpoimboe@...hat.com>,
Miroslav Benes <mbenes@...e.cz>,
Mark Rutland <mark.rutland@....com>
Subject: Re: [PATCH v2] module: Harden STRICT_MODULE_RWX
Em Tue, 11 Aug 2020 16:55:24 +0200
peterz@...radead.org escreveu:
> On Tue, Aug 11, 2020 at 04:34:27PM +0200, Mauro Carvalho Chehab wrote:
> > [33] .plt PROGBITS 0000000000000340 00035c80
> > 0000000000000001 0000000000000000 WAX 0 0 1
> > [34] .init.plt NOBITS 0000000000000341 00035c81
> > 0000000000000001 0000000000000000 WA 0 0 1
> > [35] .text.ftrace[...] PROGBITS 0000000000000342 00035c81
> > 0000000000000001 0000000000000000 WAX 0 0 1
>
> .plt and .text.ftrace_tramplines are buggered.
>
> arch/arm64/kernel/module.lds even marks then as NOLOAD.
Hmm... Shouldn't the code at module_enforce_rwx_sections() or at
load_module() ignore such sections instead of just rejecting probing
all modules?
I mean, if the existing toolchain is not capable of excluding
those sections, either the STRICT_MODULE_RWX hardening should be
disabled, if a broken toolchain is detected or some runtime code
should handle such sections on a different way.
Thanks,
Mauro
Powered by blists - more mailing lists