Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Kees Cook <keescook@xxxxxxxxxx>
Subject: Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
From: Kostya Serebryany <kcc@xxxxxxxxxx>
Date: Mon, 7 Aug 2017 12:40:20 -0700
Cc: Daniel Micay <danielmicay@xxxxxxxxx>, Dmitry Vyukov <dvyukov@xxxxxxxxxx>, Michal Hocko <mhocko@xxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>, Rik van Riel <riel@xxxxxxxxxx>, Reid Kleckner <rnk@xxxxxxxxxx>, Peter Collingbourne <pcc@xxxxxxxxxx>, Evgeniy Stepanov <eugenis@xxxxxxxxxx>
In-reply-to: <CAGXu5jKD0Z=BKxKLDtjKq6sLgoa36bJZmc88k4QRPOHyRQp3BQ@mail.gmail.com>
References: <CACT4Y+bLGEC=14CUJpkMhw0toSxvbyqKj49kqqW+gCLLBDFu4A@mail.gmail.com> <CAGXu5jJhFt8JNFRnB-oiGjNy=Auo4bGx=i=DDtCa__20acANBQ@mail.gmail.com> <CAN=P9pj_jbTgGoiECmu-b=s+NOL6uTkPbXDueXLhs8C6PVbLHg@mail.gmail.com> <CAGXu5jLRG6Xee-dJGPwmbfcVFLuTP9+5mexJyvZamQQdSaHNtA@mail.gmail.com> <1502131739.1803.12.camel@gmail.com> <CAGXu5jKj0M55wK=0WE_uKJpiJ031J5jPVAZR-VA7_O2qJUi=BQ@mail.gmail.com> <CAN=P9pj0TSbwTogLAJrm=yszq+86X0EmXNK-0Oq9f7wQCkQRjA@mail.gmail.com> <CAGXu5jJOOvv=zgSWnKJOae0edKG8MUV1pto1ipijPiRsOdKr+Q@mail.gmail.com> <CAN=P9pgcuXUk=+TvFC83UT7xT66=X2ouvEEWxzVVeM2mC=Tk=g@mail.gmail.com> <CAGXu5jJNW5PYacSNrGGnyAxnv4cRuhbo+P9myHP9kcV7hMzhkA@mail.gmail.com> <CAN=P9ph4f3S3SwSpmpApKKnQ=ce6JXLcpqHG+oJ8EpmSiur0AA@mail.gmail.com> <CAGXu5j+x=vFrd7Owu=CgQcF7YtFAgPxUVo6G=Jzk6fo6mOQZqg@mail.gmail.com> <CAN=P9pg25a80so+RFxpUkm1=JAVtOj_T6CaO3GSZc2+A-PPk6A@mail.gmail.com> <CAGXu5jKD0Z=BKxKLDtjKq6sLgoa36bJZmc88k4QRPOHyRQp3BQ@mail.gmail.com>

On Mon, Aug 7, 2017 at 12:34 PM, Kees Cook <keescook@xxxxxxxxxx> wrote:

(To be clear, this subthread is for dealing with _future_ changes; I'm
already preparing the revert, which is in the other subthread.)

On Mon, Aug 7, 2017 at 12:26 PM, Kostya Serebryany <kcc@xxxxxxxxxx> wrote:
> Oh, a launcher (e.g. just using setarch) would be a huge pain to deploy.

Would loading the executable into the mmap region work?

This is beyond my knowledge. :(

Could you explain?

If we can do this w/o a launcher (and w/o re-executing), we should try.

We could find
a way to mark executables that want this treatment.

--
Kees Cook
Pixel Security

Follow-Ups:
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Kees Cook
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Daniel Micay

References:
- binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Dmitry Vyukov
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Kees Cook
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Kostya Serebryany
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Kees Cook
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Daniel Micay
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Kees Cook
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Kostya Serebryany
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Kees Cook
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Kostya Serebryany
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Kees Cook
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Kostya Serebryany
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Kees Cook
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Kostya Serebryany
- Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
  - From: Kees Cook

Prev by Date: Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
Next by Date: Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
Previous by thread: Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
Next by thread: Re: binfmt_elf: use ELF_ET_DYN_BASE only for PIE breaks asan
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Bugtraq] [Linux OMAP] [Linux MIPS] [eCos] [Asterisk Internet PBX] [Linux API]