Re: Executing from readablee, no-exec pages

From: Rodrigo Rubira Branco <rrbranco@br.ibm.com>
To: Scott Wood <scottwood@freescale.com>
Cc: linuxppc-dev@ozlabs.org, paulus@samba.org
Subject: Re: Executing from readablee, no-exec pages
Date: Thu, 05 Jul 2007 19:38:55 -0300	[thread overview]
Message-ID: <1183675135.4862.9.camel@localhost.localdomain> (raw)
In-Reply-To: <468D68D4.4050704@freescale.com>

[-- Attachment #1: Type: text/plain, Size: 2175 bytes --]

On Thu, 2007-07-05 at 16:55 -0500, Scott Wood wrote:
> As revealed by the recent "Prevent data exception in kernel space" 
> patch, versions of glibc prior to 2.4[1] assume that, on powerpc32, they 
> can execute out of any readable mapping, regardless of whether it is 
> marked for execution.  This happens in the elf_machine_load_address() 
> function.
> 
> To maintain compatibility with these versions, we could change the test 
> in do_page_fault() to include VM_READ as well as VM_EXEC on targets that 
> don't have a separate exec-bit in hardware (are there any powerpc mmus 
> that do?).  However, Segher suggested on IRC that we may want to drop 
> compatibility with those old versions of glibc, and that I should seek 
> your input.
> 
> Personally, I'd rather stick the VM_READ in there, partially for selfish 
> reasons (our root filesystems are based on older glibcs), and because it 
> seems a little too soon to deprecate glibc 2.3, but also because in the 
> absence of hardware support, the VM_EXEC check will be nondeterministic, 
> kicking in only when the first fault for a page is to execute.
> 
> -Scott
> 
> [1] It's possible that there are other instances of this in 2.4 and that 
> the actual version is newer; I ran into obnoxious cross compilation 
> issues trying to try it.  However,
> 
> <rant>
> Glibc already has target-specific code/headers; if you need to know 
> something that you'd otherwise need a runs-on-the-target autoconf test 
> for, why not just stick it in such a target-specific header?  In this 
> case, it was trying to figure out the size of "long double".
> </rant>
> _______________________________________________
> Linuxppc-dev mailing list
> Linuxppc-dev@ozlabs.org
> https://ozlabs.org/mailman/listinfo/linuxppc-dev

Since may be a security problem (non-exec mappings being executed), I
really believe we don't want to keep the compatibility.

Regards,

Rodrigo (BSDaemon).

-- 
Rodrigo Rubira Branco
Software Engineer 
Advanced Linux Response Team (ALRT) / Linux on Power Toolchain
IBM Linux Technology Center (IBM/LTC)
rrbranco@br.ibm.com

GPG KeyID: 1FCEDEA1

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]