Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "fweimer@xxxxxxxxxx" <fweimer@xxxxxxxxxx>, "hjl.tools@xxxxxxxxx" <hjl.tools@xxxxxxxxx>
Subject: Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit
From: "Edgecombe, Rick P" <rick.p.edgecombe@xxxxxxxxx>
Date: Mon, 7 Nov 2022 16:49:58 +0000
Accept-language: en-US
Cc: "bsingharora@xxxxxxxxx" <bsingharora@xxxxxxxxx>, "hpa@xxxxxxxxx" <hpa@xxxxxxxxx>, "Syromiatnikov, Eugene" <esyr@xxxxxxxxxx>, "peterz@xxxxxxxxxxxxx" <peterz@xxxxxxxxxxxxx>, "rdunlap@xxxxxxxxxxxxx" <rdunlap@xxxxxxxxxxxxx>, "keescook@xxxxxxxxxxxx" <keescook@xxxxxxxxxxxx>, "Yu, Yu-cheng" <yu-cheng.yu@xxxxxxxxx>, "dave.hansen@xxxxxxxxxxxxxxx" <dave.hansen@xxxxxxxxxxxxxxx>, "Eranian, Stephane" <eranian@xxxxxxxxxx>, "kirill.shutemov@xxxxxxxxxxxxxxx" <kirill.shutemov@xxxxxxxxxxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>, "nadav.amit@xxxxxxxxx" <nadav.amit@xxxxxxxxx>, "jannh@xxxxxxxxxx" <jannh@xxxxxxxxxx>, "dethoma@xxxxxxxxxxxxx" <dethoma@xxxxxxxxxxxxx>, "kcc@xxxxxxxxxx" <kcc@xxxxxxxxxx>, "linux-arch@xxxxxxxxxxxxxxx" <linux-arch@xxxxxxxxxxxxxxx>, "bp@xxxxxxxxx" <bp@xxxxxxxxx>, "oleg@xxxxxxxxxx" <oleg@xxxxxxxxxx>, "Yang, Weijiang" <weijiang.yang@xxxxxxxxx>, "Lutomirski, Andy" <luto@xxxxxxxxxx>, "pavel@xxxxxx" <pavel@xxxxxx>, "arnd@xxxxxxxx" <arnd@xxxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, "mike.kravetz@xxxxxxxxxx" <mike.kravetz@xxxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "linux-doc@xxxxxxxxxxxxxxx" <linux-doc@xxxxxxxxxxxxxxx>, "jamorris@xxxxxxxxxxxxxxxxxxx" <jamorris@xxxxxxxxxxxxxxxxxxx>, "john.allen@xxxxxxx" <john.allen@xxxxxxx>, "rppt@xxxxxxxxxx" <rppt@xxxxxxxxxx>, "mingo@xxxxxxxxxx" <mingo@xxxxxxxxxx>, "Shankar, Ravi V" <ravi.v.shankar@xxxxxxxxx>, "corbet@xxxxxxx" <corbet@xxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "linux-api@xxxxxxxxxxxxxxx" <linux-api@xxxxxxxxxxxxxxx>, "gorcunov@xxxxxxxxx" <gorcunov@xxxxxxxxx>, "akpm@xxxxxxxxxxxxxxxxxxxx" <akpm@xxxxxxxxxxxxxxxxxxxx>
In-reply-to: <87iljs4ecp.fsf@oldenburg.str.redhat.com>
References: <20221104223604.29615-1-rick.p.edgecombe@intel.com> <20221104223604.29615-38-rick.p.edgecombe@intel.com> <CAMe9rOpfSccXVWmgK6E0Y0DXC=VX3PpdxXookN1Ty8soeAxrKw@mail.gmail.com> <87iljs4ecp.fsf@oldenburg.str.redhat.com>

On Sun, 2022-11-06 at 10:33 +0100, Florian Weimer wrote:
> * H. J. Lu:
> 
> > This change doesn't make a binary CET compatible.  It just requires
> > that the toolchain must be updated and all binaries have to be
> > recompiled with the new toolchain to enable CET.  It doesn't solve
> > any
> > issue which can't be solved by not updating glibc.
> 
> Right, and it doesn't even address the library case (the kernel would
> have to hook into mmap for that).  The kernel shouldn't do this.

Shadow stack shouldn't enable as a result of loading a library, if
that's what you mean.

Follow-Ups:
- Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit
  - From: Florian Weimer

References:
- [PATCH v3 00/37] Shadow stacks for userspace
  - From: Rick Edgecombe
- [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit
  - From: Rick Edgecombe
- Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit
  - From: H.J. Lu
- Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit
  - From: Florian Weimer

Prev by Date: Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit
Next by Date: Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit
Previous by thread: Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit
Next by thread: Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Linux FS] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper] [Linux Resources]