On Thu, Feb 26, 2015 at 4:11 PM, Kees Cook wrote:
> On Thu, Feb 26, 2015 at 4:06 PM, Andrew Morton
> wrote:
>> On Thu, 26 Feb 2015 15:37:37 -0800 Kees Cook wrote:
>>
>>> Agh, no, please let's avoid the CONFIG addition.
>>
>> That is precisely how we do this.
>>
>>> Hector mentioned in private
On Thu, 26 Feb 2015 15:34:36 -0800 Kees Cook wrote:
> >> That pointless repetition should be avoided.
> >
> > That's surprisingly hard!
> >
> > After renaming mips brk_rnd() to mmap_rnd() I had a shot. I'm not very
> > confident in the result. Does that __weak trick even work?
>
> In theory,
On Thu, Feb 26, 2015 at 2:38 PM, Andrew Morton
wrote:
> On Tue, 24 Feb 2015 08:39:06 +0100 Ingo Molnar wrote:
>
>>
>> * Hector Marco Gisbert wrote:
>>
>> > +unsigned long randomize_et_dyn(unsigned long base)
>> > +{
>> > + unsigned long ret;
>> > + if ((current->personality &
Hi Andrew,
[Just resending to correct addresses - sorry for those who get a duplicate]
On Thu, 26 Feb 2015 14:38:15 -0800 Andrew Morton
wrote:
>
> diff -puN
> fs/binfmt_elf.c~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix
> fs/binfmt_elf.c
> ---
On Thu, 26 Feb 2015 23:00:52 + Russell King - ARM Linux
wrote:
> On Thu, Feb 26, 2015 at 02:38:15PM -0800, Andrew Morton wrote:
> > diff -puN
> > arch/arm64/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix
> > arch/arm64/Kconfig
> > ---
> >
On Thu, 26 Feb 2015 14:38:15 -0800 Andrew Morton
wrote:
> Does that __weak trick even work?
Nope.
--- a/fs/binfmt_elf.c~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix
+++ a/fs/binfmt_elf.c
@@ -2307,10 +2307,10 @@ unsigned long __weak mmap_rnd(void)
}
/*
- * Not all
On Thu, Feb 26, 2015 at 02:38:15PM -0800, Andrew Morton wrote:
> diff -puN
> arch/arm64/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix
> arch/arm64/Kconfig
> --- a/arch/arm64/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix
> +++ a/arch/arm64/Kconfig
> @@ -1,4 +1,4 @@
On 02/26/2015 02:38 PM, Andrew Morton wrote:
[...]
From: Andrew Morton
Subject: fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix
Consolidate randomize_et_dyn() implementations into fs/binfmt_elf.c.
There doesn't seem to be a compile-time way of making randomize_et_dyn()
go away on
On Tue, 24 Feb 2015 08:39:06 +0100 Ingo Molnar wrote:
>
> * Hector Marco Gisbert wrote:
>
> > +unsigned long randomize_et_dyn(unsigned long base)
> > +{
> > + unsigned long ret;
> > + if ((current->personality & ADDR_NO_RANDOMIZE) ||
> > + !(current->flags & PF_RANDOMIZE))
> > +
On Thu, 26 Feb 2015 23:00:52 + Russell King - ARM Linux
li...@arm.linux.org.uk wrote:
On Thu, Feb 26, 2015 at 02:38:15PM -0800, Andrew Morton wrote:
diff -puN
arch/arm64/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix
arch/arm64/Kconfig
---
On Thu, Feb 26, 2015 at 4:11 PM, Kees Cook keesc...@chromium.org wrote:
On Thu, Feb 26, 2015 at 4:06 PM, Andrew Morton
a...@linux-foundation.org wrote:
On Thu, 26 Feb 2015 15:37:37 -0800 Kees Cook keesc...@chromium.org wrote:
Agh, no, please let's avoid the CONFIG addition.
That is
On Thu, Feb 26, 2015 at 02:38:15PM -0800, Andrew Morton wrote:
diff -puN
arch/arm64/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix
arch/arm64/Kconfig
--- a/arch/arm64/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix
+++ a/arch/arm64/Kconfig
@@ -1,4 +1,4 @@
On Thu, 26 Feb 2015 15:34:36 -0800 Kees Cook keesc...@chromium.org wrote:
That pointless repetition should be avoided.
That's surprisingly hard!
After renaming mips brk_rnd() to mmap_rnd() I had a shot. I'm not very
confident in the result. Does that __weak trick even work?
In
On Tue, 24 Feb 2015 08:39:06 +0100 Ingo Molnar mi...@kernel.org wrote:
* Hector Marco Gisbert hecma...@upv.es wrote:
+unsigned long randomize_et_dyn(unsigned long base)
+{
+ unsigned long ret;
+ if ((current-personality ADDR_NO_RANDOMIZE) ||
+ !(current-flags
On Thu, 26 Feb 2015 14:38:15 -0800 Andrew Morton a...@linux-foundation.org
wrote:
Does that __weak trick even work?
Nope.
--- a/fs/binfmt_elf.c~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix
+++ a/fs/binfmt_elf.c
@@ -2307,10 +2307,10 @@ unsigned long __weak mmap_rnd(void)
}
/*
On Thu, Feb 26, 2015 at 2:38 PM, Andrew Morton
a...@linux-foundation.org wrote:
On Tue, 24 Feb 2015 08:39:06 +0100 Ingo Molnar mi...@kernel.org wrote:
* Hector Marco Gisbert hecma...@upv.es wrote:
+unsigned long randomize_et_dyn(unsigned long base)
+{
+ unsigned long ret;
+ if
On 02/26/2015 02:38 PM, Andrew Morton wrote:
[...]
From: Andrew Mortona...@linux-foundation.org
Subject: fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix
Consolidate randomize_et_dyn() implementations into fs/binfmt_elf.c.
There doesn't seem to be a compile-time way of making
Hi Andrew,
[Just resending to correct addresses - sorry for those who get a duplicate]
On Thu, 26 Feb 2015 14:38:15 -0800 Andrew Morton a...@linux-foundation.org
wrote:
diff -puN
fs/binfmt_elf.c~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix
fs/binfmt_elf.c
---
* Hector Marco Gisbert wrote:
> +unsigned long randomize_et_dyn(unsigned long base)
> +{
> + unsigned long ret;
> + if ((current->personality & ADDR_NO_RANDOMIZE) ||
> + !(current->flags & PF_RANDOMIZE))
> + return base;
> + ret = base + mmap_rnd();
> +
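Review bot: randomize_et_dyn() in the quoted hunk has no comment stating its contract: what `base` is expected to be, and that it is returned unchanged when ADDR_NO_RANDOMIZE is set in the personality or PF_RANDOMIZE is clear in the task flags. The quote ends right after `ret = base + mmap_rnd();`, so it is worth confirming that the lines that follow handle the sum wrapping past the top of the address space (for example by falling back to `base` when `ret < base`) before the value is returned.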
[PATCH] Fix offset2lib issue for x86*, ARM*, PowerPC and MIPS
The issue appears on PIE linked executables when all memory areas of a
process are randomized. In this case, the attack "offset2lib" de-randomizes
all library areas on 64 bit Linux systems in less than one second.
Furth
n?
On Mon, Feb 23, 2015 at 10:37 AM, Hector Marco wrote:
> [PATCH] Fix offset2lib issue for x86*, ARM*, PowerPC and MIPS
>
> The issue appears on PIE linked executables when all memory areas of a
> process are randomized. In this case, the attack "offset2lib" de-randomizes
>
[PATCH] Fix offset2lib issue for x86*, ARM*, PowerPC and MIPS
The issue appears on PIE linked executables when all memory areas of a process are randomized. In
this case, the attack "offset2lib" de-randomizes all library areas on 64 bit Linux systems in less
than one second.
Furth
[PATCH] Fix offset2lib issue for x86*, ARM*, PowerPC and MIPS
The issue appears on PIE linked executables when all memory areas of a process are randomized. In
this case, the attack offset2lib de-randomizes all library areas on 64 bit Linux systems in less
than one second.
Further details
23, 2015 at 10:37 AM, Hector Marco hecma...@upv.es wrote:
[PATCH] Fix offset2lib issue for x86*, ARM*, PowerPC and MIPS
The issue appears on PIE linked executables when all memory areas of a
process are randomized. In this case, the attack offset2lib de-randomizes
all library areas on 64 bit
[PATCH] Fix offset2lib issue for x86*, ARM*, PowerPC and MIPS
The issue appears on PIE linked executables when all memory areas of a
process are randomized. In this case, the attack offset2lib de-randomizes
all library areas on 64 bit Linux systems in less than one second.
Further details
* Hector Marco Gisbert hecma...@upv.es wrote:
+unsigned long randomize_et_dyn(unsigned long base)
+{
+ unsigned long ret;
+ if ((current-personality ADDR_NO_RANDOMIZE) ||
+ !(current-flags PF_RANDOMIZE))
+ return base;
+ ret = base + mmap_rnd();
+