From: Artur Skawina <art_k@o2.pl>
To: gcc@gcc.gnu.org, linux-kernel@vger.kernel.org
Subject: Re: RELEASE BLOCKER: Linux doesn't follow x86/x86-64 ABI wrt direction flag
Date: Thu, 06 Mar 2008 22:37:55 +0100 [thread overview]
Message-ID: <47D06433.1010502@o2.pl> (raw)
In-Reply-To: <20080306201633.GM27983@randombit.net>
Jack Lloyd wrote:
> But still: so the threat here is of a malicious process with the
> ability to send arbitrary signals to any process using CAP_KILL (since
> in any other case when a process can send a signal, it can do much
> more damage in other ways), which could leverage that into
> (potentially) uid==0 using misexecuted code in a signal handler.
>
> As a correctness issue, obviously this should be fixed/patched around,
> if feasible. But as a security flaw? I'm not seeing much that is
> compelling.
>
>> 2) sometimes setuid programs send signals (e.g. SIGHUP or SIGUSR1)
>
> I don't understand how this is a problem - unless these setuid
> programs, while not malicious, can be tricked into signalling a
> process they did not intend to. (In which case they already have a
> major bug, df bit being cleared or not).
think apps keeping crypto keys etc in ram and wiping them from signal
handlers. eg gnupg does this; fortunately it seems to have moved from
memset() to a open coded solution, so probably isn't affected. OTOH
it wouldn't surprise me these days if the compiler would emit string
ops even w/o an explicit mem* call.
Copying a private memory region to some public buffer could also lead
to interesting results...
IOW being able to avoid a memset (or copying the wrong data) certainly
could have security consequences.
artur
next prev parent reply other threads:[~2008-03-06 21:38 UTC|newest]
Thread overview: 98+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-05 15:30 Linux doesn't follow x86/x86-64 ABI wrt direction flag Aurelien Jarno
2008-03-05 16:00 ` H. Peter Anvin
2008-03-05 19:58 ` Joe Buck
2008-03-05 20:23 ` Aurelien Jarno
2008-03-05 20:38 ` Michael Matz
2008-03-05 20:42 ` Joe Buck
2008-03-05 20:49 ` Jan Hubicka
2008-03-05 21:02 ` Michael Matz
2008-03-05 21:20 ` RELEASE BLOCKER: " Joe Buck
2008-03-05 21:32 ` Richard Guenther
2008-03-05 21:34 ` H. Peter Anvin
2008-03-05 21:40 ` Richard Guenther
2008-03-05 22:16 ` David Miller
2008-03-05 22:37 ` Joe Buck
2008-03-05 22:51 ` Michael Matz
2008-03-05 22:58 ` H. Peter Anvin
2008-03-05 23:07 ` Michael Matz
2008-03-05 23:10 ` David Miller
2008-03-05 23:16 ` Joe Buck
2008-03-05 23:12 ` Olivier Galibert
2008-03-05 21:43 ` Joe Buck
2008-03-05 21:44 ` Richard Guenther
[not found] ` <738B72DB-A1D6-43F8-813A-E49688D05771@apple.com>
2008-03-05 21:59 ` Michael Matz
2008-03-05 22:13 ` Adrian Bunk
2008-03-05 22:21 ` David Miller
2008-03-05 23:13 ` Olivier Galibert
2008-03-06 0:36 ` Chris Lattner
2008-03-06 0:47 ` H. Peter Anvin
[not found] ` <578FCA7D-D7A6-44F6-9310-4A97C13CDCBE@apple.com>
2008-03-06 1:12 ` H. Peter Anvin
2008-03-06 9:17 ` Jakub Jelinek
2008-03-06 13:51 ` Olivier Galibert
2008-03-06 14:03 ` Paolo Bonzini
2008-03-06 14:12 ` Olivier Galibert
2008-03-06 14:15 ` Andrew Haley
2008-03-06 17:58 ` Joe Buck
2008-03-06 18:10 ` Olivier Galibert
2008-03-06 18:13 ` Paolo Bonzini
2008-03-06 18:31 ` Jack Lloyd
2008-03-06 18:35 ` Andrew Pinski
2008-03-06 19:44 ` Paolo Bonzini
2008-03-06 19:43 ` Paolo Bonzini
2008-03-06 20:16 ` Jack Lloyd
2008-03-06 21:37 ` Artur Skawina [this message]
2008-03-06 15:09 ` Robert Dewar
2008-03-06 15:37 ` NightStrike
2008-03-06 15:43 ` H.J. Lu
2008-03-06 15:50 ` H. Peter Anvin
2008-03-06 16:23 ` Jakub Jelinek
2008-03-06 16:27 ` İsmail Dönmez
2008-03-06 16:58 ` H.J. Lu
2008-03-06 17:06 ` H. Peter Anvin
2008-03-06 17:14 ` H.J. Lu
2008-03-06 17:17 ` H. Peter Anvin
2008-03-06 17:34 ` H.J. Lu
2008-03-06 19:35 ` Robert Dewar
2008-03-06 17:18 ` Robert Dewar
2008-03-06 17:19 ` H. Peter Anvin
2008-03-06 19:25 ` Robert Dewar
2008-03-06 20:37 ` H. Peter Anvin
2008-03-07 8:28 ` Florian Weimer
2008-03-07 8:00 ` Andreas Jaeger
2008-03-06 15:57 ` Robert Dewar
2008-03-06 16:29 ` Paolo Bonzini
2008-03-06 17:18 ` H. Peter Anvin
2008-03-06 16:14 ` Artur Skawina
2008-03-06 0:49 ` Aurelien Jarno
2008-03-05 22:05 ` H. Peter Anvin
2008-03-06 2:11 ` Krzysztof Halasa
2008-03-06 8:44 ` Andi Kleen
2008-03-06 9:01 ` Jakub Jelinek
2008-03-06 15:20 ` H. Peter Anvin
2008-03-05 21:45 ` Aurelien Jarno
2008-03-05 21:43 ` Andrew Pinski
2008-03-05 21:43 ` Michael Matz
2008-03-05 22:12 ` Joe Buck
2008-03-05 22:17 ` David Miller
2008-03-05 23:17 ` Olivier Galibert
2008-03-05 23:21 ` David Daney
2008-03-06 14:06 ` Olivier Galibert
2008-03-08 19:10 ` Alexandre Oliva
2008-03-05 21:07 ` H. Peter Anvin
2008-03-05 20:44 ` H. Peter Anvin
2008-03-05 20:52 ` Aurelien Jarno
2008-03-05 21:23 ` David Miller
2008-03-06 9:53 ` Andrew Haley
2008-03-06 11:45 ` Andi Kleen
2008-03-06 12:06 ` Richard Guenther
2008-03-06 17:34 ` Joe Buck
2008-03-06 20:54 ` Richard Guenther
2008-03-06 20:56 ` H. Peter Anvin
2008-03-06 22:06 ` Andi Kleen
2008-03-07 4:56 ` Chris Lattner
2008-03-07 14:09 ` Michael Matz
2008-03-06 9:45 ` Mikael Pettersson
2008-03-05 16:56 ` H.J. Lu
2008-03-05 18:14 ` [PATCH] x86: Clear DF before calling signal handler Aurelien Jarno
2008-03-05 18:17 ` H. Peter Anvin
2008-03-06 9:21 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47D06433.1010502@o2.pl \
--to=art_k@o2.pl \
--cc=gcc@gcc.gnu.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.