| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Dec 2023 13:07:06 -0800
From: "H. Peter Anvin" <hpa@...or.com>
To: Linus Torvalds <torvalds@...uxfoundation.org>,
Brian Gerst <brgerst@...il.com>
CC: linux-kernel@...r.kernel.org, x86@...nel.org,
Ingo Molnar <mingo@...nel.org>, Thomas Gleixner <tglx@...utronix.de>,
Borislav Petkov <bp@...en8.de>, Peter Zijlstra <peterz@...radead.org>,
Michal Luczaj <mhal@...x.co>
Subject: Re: [PATCH 3/3] x86/sigreturn: Reject system segements
On December 13, 2023 10:54:00 AM PST, Linus Torvalds <torvalds@...uxfoundation.org> wrote:
>On Wed, 13 Dec 2023 at 08:34, Brian Gerst <brgerst@...il.com> wrote:
>>
>> @@ -98,7 +98,11 @@ static bool ia32_restore_sigcontext(struct pt_regs *regs,
>>
>> /* Get CS/SS and force CPL3 */
>> regs->cs = sc.cs | 0x03;
>> + if (!valid_user_selector(regs->cs))
>> + return false;
>> regs->ss = sc.ss | 0x03;
>> + if (!valid_user_selector(regs->ss))
>> + return false;
>
>Side note: the SS/CS checks could be stricter than the usual selector tests.
>
>In particular, normal segments can be Null segments. But CS/SS must not be.
>
>Also, since you're now checking the validity, maybe we shouldn't do
>the "force cpl3" any more, and just make it an error to try to load a
>non-cpl3 segment at sigreturn..
>
>That forcing was literally just because we weren't checking it for sanity...
>
> Linus
Not to mention that changing a null descriptor to 3 is wrong.
Powered by blists - more mailing lists