On Fri, Nov 11, 2022 at 3:38 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> On Tue, Nov 08, 2022 at 11:07:15AM +0000, Pedro Falcato wrote:
> > [...]
> > + * This tail logic is skippable if we're the last phdr, as
> > + * nothing can map an address >= our p_vaddr, since ELF phdr
> > + * PT_LOAD segments are required to be sorted in an increasing
> > + * order.
>
> I'm still looking through the patch, but I do want to call this bit out
> as a problem. The kernel cannot, unfortunately, make this assumption. See:
> https://lore.kernel.org/linux-fsdevel/YfOooXQ2ScpZLhmD@fractal.localdomain/

Ugh. I guess it doesn't matter in this situation? That logic only matters if we're trying to fix this new loading bug, and old executables load correctly with the old behavior anyway, which is what you get if that logic falls through.

I don't know if this makes sense, but in my (possibly naive) opinion we have a compromise to keep loading what could already be loaded, without actually requiring to load broken ELFs 100% correctly.

We could of course also just sort the program headers at load time, but I assume that's unwanted overhead for most well-behaved ELF program headers :)

--
Pedro Falcato
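The assumption Kees flags (that PT_LOAD entries arrive in increasing p_vaddr order, so the last one bounds the mapping) is cheap to check rather than trust. As an added example, not code from this patch or from the kernel, the C below walks an ELF64 program header table, reports whether the PT_LOADs are sorted, and finds the highest mapped end address by scanning every PT_LOAD instead of the last one; the struct mirrors Elf64_Phdr field for field, and the sample table is constructed so that the last PT_LOAD has the lowest p_vaddr.

```c
#include <stdint.h>
#include <stddef.h>
#define PT_LOAD 1

/* Field-for-field layout of Elf64_Phdr, so no <elf.h> dependency. */
struct elf64_phdr {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
};

/* 1 if every PT_LOAD's p_vaddr is >= the previous PT_LOAD's, else 0.
 * Non-PT_LOAD headers are ignored; they may sit anywhere in the table. */
int pt_load_sorted(const struct elf64_phdr *ph, size_t n)
{
    int seen = 0;
    uint64_t prev = 0;
    for (size_t i = 0; i < n; i++) {
        if (ph[i].p_type != PT_LOAD)
            continue;
        if (seen && ph[i].p_vaddr < prev)
            return 0;
        prev = ph[i].p_vaddr;
        seen = 1;
    }
    return 1;
}

/* Highest end address (p_vaddr + p_memsz) over all PT_LOADs. Scanning
 * every header is what makes this safe for unsorted tables; a header
 * whose range wraps around is skipped as unmappable. */
uint64_t pt_load_max_end(const struct elf64_phdr *ph, size_t n)
{
    uint64_t end = 0;
    for (size_t i = 0; i < n; i++) {
        if (ph[i].p_type != PT_LOAD || ph[i].p_vaddr > UINT64_MAX - ph[i].p_memsz)
            continue;
        if (ph[i].p_vaddr + ph[i].p_memsz > end)
            end = ph[i].p_vaddr + ph[i].p_memsz;
    }
    return end;
}

/* Constructed sample: the last PT_LOAD has the lowest p_vaddr, and the
 * first PT_LOAD is the one that actually reaches the highest address. */
const struct elf64_phdr unsorted_phdrs[3] = {
    { PT_LOAD, 5, 0x1000, 0x401000, 0x401000, 0x5000, 0x5000, 0x1000 },
    { 4 /* PT_NOTE */, 4, 0x6000, 0x406000, 0x406000, 0x100, 0x100, 0x4 },
    { PT_LOAD, 6, 0x7000, 0x400000, 0x400000, 0x500,  0x2000, 0x1000 },
};
```

On the sample table, a loader that took the last PT_LOAD as the upper bound would stop at 0x402000 while the first PT_LOAD extends to 0x406000; the full scan returns the latter.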