* Topi Miettinen:

> Allowing mprotect(PROT_EXEC|PROT_BTI) would mean that all you need to
> circumvent MDWX is to add PROT_BTI flag. I'd suggest getting the flags
> right at mmap() time or failing that, reverting the PROT_BTI for
> legacy programs later.
>
> Could the kernel tell the loader of the BTI situation with auxiliary
> vectors? Then it would be easy for the loader to always use the best
> mmap() flags without ever needing to mprotect().

I think what we want is a mprotect2 call with a flags argument (separate
from protection flags) that tells the kernel that the request *removes*
protection flags and should fail otherwise. seccomp could easily filter
that then.

But like the other proposals, the migration story isn't great. You
would need kernel and seccomp/systemd etc. updates before glibc starts
working, even if glibc has a fallback from mprotect2 to mprotect
(because the latter would be blocked).

Thanks,
Florian
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill

_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel