Re: Reproducer for the posix_spawn() bug on sparc64

On Sun, 2024-02-11 at 14:05 +0100, Michael Karcher wrote:
> That reproducer did not work reliably under all circumstances, because 
> the stack limit was guessed to be 8K to 12K from the current stack 
> pointer, which is not always correct. The size of the stack at the start 
> of main depends on the size of the environment. Please find attached a 
> more robust reproducer.

I can also reproduce it on kernel 3.2.0 with glibc 2.13 on both 32-bit and
64-bit SPARC:

root@debian:~# gcc -m64 more_clone_attack.c -o more_clone_attack
root@debian:~# file more_clone_attack
more_clone_attack: ELF 64-bit MSB executable, SPARC V9, relaxed memory ordering, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26,
BuildID[sha1]=0xb85b22284c93e15dc5ce002c332748d831b50b33, not stripped
root@debian:~# ./more_clone_attack 
effective FP in clone() with waste 0 = 7feff9d1800
this is 768 64-bit words above the next page boundary
clone: Bad address
Problem detected at 0 pages distance
root@debian:~# uname -a
Linux debian 3.2.0-4-sparc64 #1 Debian 3.2.78-1 sparc64 GNU/Linux
root@debian:~# dpkg -l libc6
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-=================================
ii  libc6:sparc    2.13-38+deb7 sparc        Embedded GNU C Library: Shared li
root@debian:~#

root@debian:~# gcc more_clone_attack.c -o more_clone_attack
root@debian:~# 
root@debian:~# ./more_clone_attack 
effective FP in clone() with waste 0 = ff991c4000010e57
this is 458 64-bit words above the next page boundary
clone: Bad address
Problem detected at 2 pages distance
root@debian:~# uname -a
Linux debian 3.2.0-4-sparc64 #1 Debian 3.2.78-1 sparc64 GNU/Linux
root@debian:~# dpkg -l libc6
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-=================================
ii  libc6:sparc    2.13-38+deb7 sparc        Embedded GNU C Library: Shared li
root@debian:~#

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913
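The quoted paragraph makes a point the reproducer had to work around: the distance from main's frame to the top of the main thread's stack is not a constant, because argv, envp and the auxiliary vector sit above it, so guessing "8K to 12K from the current stack pointer" fails for some environments. The program below is an added example, not Michael Karcher's reproducer (whose source is not on this page) and not glibc or kernel code. It shows the two measurements a robust reproducer needs: the actual top of the stack mapping, read from /proc/self/maps instead of guessed (Linux-specific), and the number of 64-bit words between a frame pointer and the page boundary below it, which is the figure the reproducer output reports. It assumes 8 KiB pages for sparc64, which is consistent with the numbers in the output above (0x7feff9d1800 and 0xff991c4000010e57 give 768 and 458 words); the function names stack_top_from_maps, env_bytes, stack_headroom_bytes and words_above_page_boundary are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Page size assumed for sparc64 Linux (8 KiB). x86-64 would use 4096. */
#define SPARC64_PAGE 8192UL

/* Number of whole 64-bit words between fp and the page boundary below it:
 * the same figure the reproducer prints as "N 64-bit words above the next
 * page boundary". Works on any address, so it can be checked against the
 * values reported on the page. */
unsigned long words_above_page_boundary(uint64_t fp, unsigned long page)
{
    return (unsigned long)((fp & (page - 1)) / 8);
}

/* Bytes the environment strings occupy above main's frame (each string
 * plus its NUL terminator). argv and auxv add more, but the environment
 * is what varies most between shells, users and sudo/ssh sessions. */
size_t env_bytes(char **envp)
{
    size_t n = 0;
    for (; *envp; envp++)
        n += strlen(*envp) + 1;
    return n;
}

/* Upper end of the main thread's stack mapping, taken from the "[stack]"
 * line of /proc/self/maps (Linux only). Returns 0 if it cannot be read. */
uintptr_t stack_top_from_maps(void)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    uintptr_t top = 0;

    if (!f)
        return 0;
    while (fgets(line, sizeof line, f)) {
        if (strstr(line, "[stack]")) {
            unsigned long lo, hi;
            if (sscanf(line, "%lx-%lx", &lo, &hi) == 2)
                top = hi;
            break;
        }
    }
    fclose(f);
    return top;
}

/* Distance from the top of the stack mapping down to the caller's frame:
 * the stack already consumed by argv, envp, auxv and the startup code
 * before main runs, i.e. the quantity the original reproducer guessed. */
size_t stack_headroom_bytes(void)
{
    volatile char marker;
    uintptr_t top = stack_top_from_maps();

    return top ? (size_t)(top - (uintptr_t)&marker) : 0;
}

int main(int argc, char **argv, char **envp)
{
    volatile char marker;
    uintptr_t fp = (uintptr_t)&marker;

    (void)argc;
    (void)argv;
    printf("stack top (maps)      = %#lx\n", (unsigned long)stack_top_from_maps());
    printf("frame in main         = %#lx\n", (unsigned long)fp);
    printf("consumed above main   = %zu bytes (environment alone: %zu bytes)\n",
           stack_headroom_bytes(), env_bytes(envp));
    printf("words above 8K page   = %lu\n",
           words_above_page_boundary(fp, SPARC64_PAGE));
    return 0;
}
```

Running it twice with `env -i ./a.out` and with a large environment (for example `FOO=$(head -c 100000 /dev/zero | tr '\0' x) ./a.out`) shows the "consumed above main" figure moving by roughly the environment size, which is why a reproducer that wants its clone() child stack a known distance from the stack limit must measure the mapping rather than assume a fixed offset from the stack pointer.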