lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0035d7a6-6a03-435c-a893-3a57a4319fd4@kernel.org>
Date: Wed, 7 Aug 2024 12:53:14 -0700
From: Damien Le Moal <dlemoal@...nel.org>
To: Kees Cook <kees@...nel.org>, Palmer Dabbelt <palmer@...belt.com>
Cc: Stefan O'Rear <sorear@...tmail.com>, Alexandre Ghiti <alex@...ti.fr>,
 Greg Ungerer <gerg@...ux-m68k.org>, Alexander Viro
 <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>,
 Jan Kara <jack@...e.cz>, Eric Biederman <ebiederm@...ssion.com>,
 linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
 Damien Le Moal <damien.lemoal@....com>, linux-kernel@...r.kernel.org,
 linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] binfmt_flat: Fix corruption when not offsetting data
 start

On 2024/08/07 12:51, Kees Cook wrote:
> Commit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")
> introduced a RISC-V specific variant of the FLAT format which does
> not allocate any space for the (obsolete) array of shared library
> pointers. However, it did not disable the code which initializes the
> array, resulting in the corruption of sizeof(long) bytes before the DATA
> segment, generally the end of the TEXT segment.
> 
> Introduce MAX_SHARED_LIBS_UPDATE which depends on the state of
> CONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of
> the shared library pointer region so that it will only be initialized
> if space is reserved for it.
> 
> Fixes: 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")
> Co-developed-by: Stefan O'Rear <sorear@...tmail.com>
> Signed-off-by: Stefan O'Rear <sorear@...tmail.com>
> Signed-off-by: Kees Cook <kees@...nel.org>

Looks good to me.

Reviewed-by: Damien Le Moal <dlemoal@...nel.org>

-- 
Damien Le Moal
Western Digital Research


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ