On Fri, Nov 11, 2022 at 6:15 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> On Fri, Nov 11, 2022 at 03:59:08AM +0000, Pedro Falcato wrote:
> > We could of course also just sort the program headers at load time,
> > but I assume that's unwanted overhead for most well behaved ELF
> > program headers :)
>
> Large refactoring of the ELF loader needs proper unit testing, and we're
> still a bit away from that existing. In the meantime, we'll need to make
> very very small changes to fix bugs. I've sent a minimal change which I
> think should fix the problem (now at v2 since right after sending it I
> realized I was trading one accidentally correct state for another in the
> v1):
> https://lore.kernel.org/linux-hardening/20221111061315.gonna.703-kees@xxxxxxxxxx/

Got it. I understand you may be a bit nervous deploying this patch ATM.
What are we missing for ELF loader kunit testing? How can one help?
Note that my -v1 is still relatively safe and was already tested, you
could just apply that.

Thanks,
Pedro