| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240801170838.356177-1-jeffxu@google.com>
Date: Thu, 1 Aug 2024 17:08:32 +0000
From: jeffxu@...omium.org
To: akpm@...ux-foundation.org,
keescook@...omium.org,
jannh@...gle.com,
sroettger@...gle.com,
adhemerval.zanella@...aro.org,
ojeda@...nel.org,
adobriyan@...il.com
Cc: linux-kernel@...r.kernel.org,
linux-mm@...ck.org,
jorgelo@...omium.org,
Jeff Xu <jeffxu@...omium.org>
Subject: [RFC PATCH v1 0/1] binfmt_elf: seal address zero
From: Jeff Xu <jeffxu@...omium.org>
In load_elf_binary as part of the execve(), when the current
task’s personality has MMAP_PAGE_ZERO set, the kernel allocates
one page at address 0. According to the comment:
/* Why this, you ask??? Well SVr4 maps page 0 as read-only,
and some applications "depend" upon this behavior.
Since we do not have the power to recompile these, we
emulate the SVr4 behavior. Sigh. */
At one point, Linus suggested removing this [1].
Sealing this is probably safe, the comment doesn’t say
the app ever wanting to change the mapping to rwx. Sealing
also ensures that never happens.
[1] https://lore.kernel.org/lkml/CAHk-=whVa=nm_GW=NVfPHqcxDbWt4JjjK1YWb0cLjO4ZSGyiDA@mail.gmail.com/
Jeff Xu (1):
binfmt_elf: mseal address zero
fs/binfmt_elf.c | 4 ++++
include/linux/mm.h | 4 ++++
mm/mseal.c | 2 +-
3 files changed, 9 insertions(+), 1 deletion(-)
--
2.46.0.rc1.232.g9752f9e123-goog
Powered by blists - more mailing lists