On Mon, Mar 11, 2013 at 2:01 PM, Andrew Morton <a...@linux-foundation.org> wrote: > On Mon, 11 Mar 2013 13:37:53 -0700 Kees Cook <keesc...@chromium.org> wrote: > >> ... >> > > (pop toasting undone) > >> > Subject: signal: always clear sa_restorer on execve >> > >> > When the new signal handlers are set up, the location of sa_restorer is >> > not cleared, leaking a parent process's address space location to >> > children. This allows for a potential bypass of the parent's ASLR by >> > examining the sa_restorer value returned when calling sigaction(). >> > >> > Based on what should be considered "secret" about addresses, it only >> > matters across the exec not the fork (since the VMAs haven't changed until >> > the exec). But since exec sets SIG_DFL and keeps sa_restorer, this is >> > where it should be fixed. >> >> A note for backporters: you'll likely want to change >> __ARCH_HAS_SA_RESTORER to SA_RESTORER, since the former was recently >> introduced. If not, this will apply but not actually do any good. > > I added this to the changelog, but I fear people won't read it! Is > there any clever way in which we can have one patch which will work OK > in both old and new kernels? I can't think of one...
Using just SA_RESTORER will work in both cases, but isn't "correct" going forward. :( -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
