lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 5 May 2023 18:42:55 +0200
From:   Florent Revest <revest@...omium.org>
To:     Alexey Izbyshev <izbyshev@...ras.ru>
Cc:     linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        akpm@...ux-foundation.org, catalin.marinas@....com,
        anshuman.khandual@....com, joey.gouly@....com, mhocko@...e.com,
        keescook@...omium.org, david@...hat.com, peterx@...hat.com,
        nd@....com, broonie@...nel.org, szabolcs.nagy@....com
Subject: Re: [PATCH 4/4] kselftest: vm: Add tests for no-inherit memory-deny-write-execute

On Thu, May 4, 2023 at 10:30 PM Alexey Izbyshev <izbyshev@...ras.ru> wrote:
>
> On 2023-05-04 20:09, Florent Revest wrote:
> > Add some tests to cover the new PR_MDWE_NO_INHERIT flag of the
> > PR_SET_MDWE prctl.
> >
> > Signed-off-by: Florent Revest <revest@...omium.org>
> > ---
> >  tools/testing/selftests/mm/mdwe_test.c | 95 ++++++++++++++++++++++++--
> >  1 file changed, 89 insertions(+), 6 deletions(-)
> >
> > diff --git a/tools/testing/selftests/mm/mdwe_test.c
> > b/tools/testing/selftests/mm/mdwe_test.c
> > index 91aa9c3099e7..9f08ed1b99ae 100644
> > --- a/tools/testing/selftests/mm/mdwe_test.c
> > +++ b/tools/testing/selftests/mm/mdwe_test.c
> > @@ -22,6 +22,8 @@
> >
> >  TEST(prctl_flags)
> >  {
> > +     EXPECT_LT(prctl(PR_SET_MDWE, PR_MDWE_NO_INHERIT, 0L, 0L, 7L), 0);
> > +
>
> PR_MDWE_NO_INHERIT is defined to an int constant, so passing it to
> prctl() without a cast to long or similar may produce wrong code on
> 64-bit targets (ABIs typically don't require the compiler to clear the
> upper 32 bits of a 64-bit register when passing a 32-bit argument, so
> va_arg(arg, unsigned long) in prctl() implementation might get junk).

Ah, good catch Alexey! :)

> Arguably, defining PR_MDWE_* to plain int constants is a bug, or at
> least a footgun for users of uapi headers.

As part of the next version of this series, I'm happy to:
1- change the existing PR_MDWE_REFUSE_EXEC_GAIN to 1UL
2- introduce PR_MDWE_NO_INHERIT as 2UL

But I'm surprised that most of the macros in
include/uapi/linux/prctl.h are the same sort of footguns already ?
Hasn't it been an issue for other prctls yet ?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ