Message-Id: <678ee681-12c3-4e79-a04b-495daf343846@app.fastmail.com>
Date: Thu, 09 Jan 2025 09:43:38 +0100
From: "Arnd Bergmann" <arnd@...db.de>
To: "John Paul Adrian Glaubitz" <glaubitz@...sik.fu-berlin.de>,
"Richard Henderson" <richard.henderson@...aro.org>,
"Matt Turner" <mattst88@...il.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>, "Kees Cook" <kees@...nel.org>,
"Paul E. McKenney" <paulmck@...nel.org>, linux-alpha@...r.kernel.org,
linux-mm@...ck.org, linux-kernel@...r.kernel.org
Cc: "Michael Cree" <mcree@...on.net.nz>, "Sam James" <sam@...too.org>,
"Maciej W. Rozycki" <macro@...am.me.uk>,
"Geert Uytterhoeven" <geert@...ux-m68k.org>,
"Michael Karcher" <kernel@...rcher.dialup.fu-berlin.de>,
"Chris Hofstaedtler" <zeha@...ian.org>, util-linux@...r.kernel.org,
linux-mips@...r.kernel.org, loongarch@...ts.linux.dev
Subject: Re: [PATCH] alpha: Fix personality flag propagation across an exec
On Thu, Jan 9, 2025, at 09:01, Arnd Bergmann wrote:
> On Fri, Jan 3, 2025, at 15:01, John Paul Adrian Glaubitz wrote:
>
>>
>> #define SET_PERSONALITY(EX) \
>> - set_personality(((EX).e_flags & EF_ALPHA_32BIT) \
>> - ? PER_LINUX_32BIT : PER_LINUX)
>> + set_personality((((EX).e_flags & EF_ALPHA_32BIT) \
>> + ? PER_LINUX_32BIT : PER_LINUX) | (current->personality & (~PER_MASK)))
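Review bot: the new `+` expression keeps ADDR_LIMIT_32BIT across the exec, because that flag lies above PER_MASK and so survives `current->personality & (~PER_MASK)`; a 64-bit ELF (no EF_ALPHA_32BIT in e_flags) started from a PER_LINUX_32BIT process therefore ends up as PER_LINUX | ADDR_LIMIT_32BIT and the 32-bit address limit never goes away. Mask that flag out together with the domain bits before OR-ing the inherited flags back in, e.g. `| (current->personality & ~(PER_MASK | ADDR_LIMIT_32BIT))`, so that e_flags alone decides the taso bit while the remaining upper flags are still preserved as the patch intends.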
>
> This looks wrong to me: since ADDR_LIMIT_32BIT is not part of
> PER_MASK, executing a regular binary from a taso binary no longer
> reverts back to the entire 64-bit address space.
>
> It seems that the behavior on most other architectures changed in 2012
> commit 16f3e95b3209 ("cross-arch: don't corrupt personality flags upon
> exec()").
>
> At the time, the same bug existed on mips, parisc and tile, but those
> got fixed quickly.
Correction: from what I can tell, mips still has the bug (and now
also loongarch), it's just in SET_PERSONALITY2() now instead of
SET_PERSONALITY():
	current->personality &= ~READ_IMPLIES_EXEC;
	...
	p = personality(current->personality);				\
	if (p != PER_LINUX32 && p != PER_LINUX)				\
		set_personality(PER_LINUX);				\
personality() only returns the lower 8 bits (execution domain),
so if any of them are set (BSD/HPUX/IRIX32/IRIX64/...), both
the upper and the lower bits are cleared, otherwise neither
of them are.
The behavior on the other architectures is that we clear the
lower bits but keep the upper ones.
Arnd
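To make the three behaviours compared in this mail concrete, here is an added user-space model (example code written for this page, not code from the kernel or from anyone in the thread): the alpha SET_PERSONALITY() as proposed in the quoted patch, a variant that additionally masks out ADDR_LIMIT_32BIT (an assumption about one possible correction, not the thread's fix), the mips/loongarch SET_PERSONALITY2() logic quoted above, and the post-16f3e95b3209 behaviour of the other architectures. The personality constants are copied from include/uapi/linux/personality.h and EF_ALPHA_32BIT from arch/alpha/include/asm/elf.h; the input scenarios are constructed.

```c
#include <stdio.h>

/*
 * Personality constants copied from include/uapi/linux/personality.h and
 * EF_ALPHA_32BIT from arch/alpha/include/asm/elf.h; redefined here only so
 * this user-space model builds without kernel headers.
 */
#define PER_LINUX          0x0000
#define PER_BSD            0x0006
#define PER_LINUX32        0x0008
#define PER_MASK           0x00ff
#define ADDR_NO_RANDOMIZE  0x0040000
#define READ_IMPLIES_EXEC  0x0400000
#define ADDR_LIMIT_32BIT   0x0800000
#define PER_LINUX_32BIT    (PER_LINUX | ADDR_LIMIT_32BIT)
#define EF_ALPHA_32BIT     0x1

/* Same as the kernel's personality() helper: the execution domain is the
 * low 8 bits, everything above it is a flag such as ADDR_LIMIT_32BIT. */
static unsigned int personality_domain(unsigned int pers)
{
	return pers & PER_MASK;
}

/* The alpha SET_PERSONALITY() from the quoted patch: the domain comes from
 * the ELF header, every upper flag of the exec'ing process is kept,
 * ADDR_LIMIT_32BIT included. */
unsigned int alpha_patched(unsigned int cur, unsigned int e_flags)
{
	return ((e_flags & EF_ALPHA_32BIT) ? PER_LINUX_32BIT : PER_LINUX)
	       | (cur & ~PER_MASK);
}

/* Assumed correction (not the thread's code): also drop ADDR_LIMIT_32BIT
 * from the inherited flags so the new binary's e_flags alone decides it. */
unsigned int alpha_masked(unsigned int cur, unsigned int e_flags)
{
	return ((e_flags & EF_ALPHA_32BIT) ? PER_LINUX_32BIT : PER_LINUX)
	       | (cur & ~(PER_MASK | ADDR_LIMIT_32BIT));
}

/* The mips/loongarch SET_PERSONALITY2() logic quoted in the mail;
 * set_personality(PER_LINUX) replaces the whole word, flags included. */
unsigned int mips_set_personality2(unsigned int cur)
{
	unsigned int p;

	cur &= ~READ_IMPLIES_EXEC;
	p = personality_domain(cur);
	if (p != PER_LINUX32 && p != PER_LINUX)
		cur = PER_LINUX;
	return cur;
}

/* What most other architectures do since commit 16f3e95b3209: clear the
 * domain bits, keep the upper flags. */
unsigned int generic_set_personality(unsigned int cur)
{
	return PER_LINUX | (cur & ~PER_MASK);
}

int main(void)
{
	/* Constructed scenarios: a taso (PER_LINUX_32BIT) process exec'ing a
	 * plain 64-bit ELF, and a BSD-domain process, both carrying
	 * ADDR_NO_RANDOMIZE as a representative upper flag. */
	unsigned int taso = PER_LINUX_32BIT | ADDR_NO_RANDOMIZE;
	unsigned int bsd  = PER_BSD | ADDR_NO_RANDOMIZE;

	printf("taso -> 64-bit ELF, patched alpha:  %#010x\n", alpha_patched(taso, 0));
	printf("taso -> 64-bit ELF, masked alpha:   %#010x\n", alpha_masked(taso, 0));
	printf("BSD domain, mips SET_PERSONALITY2:  %#010x\n", mips_set_personality2(bsd));
	printf("BSD domain, generic behaviour:      %#010x\n", generic_set_personality(bsd));
	return 0;
}
```

In the patched alpha case the result still has ADDR_LIMIT_32BIT set after exec'ing a 64-bit binary, which is the problem described above; the mips path either clears everything (BSD domain) or nothing (PER_LINUX/PER_LINUX32 domain), while the generic path clears only the domain bits and keeps ADDR_NO_RANDOMIZE.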