From: Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: Re: [RFC PATCH] Make AT_VECTOR_SIZE_ARCH 2 for x86-32
Date: Tue, 09 Feb 2010 12:05:31 -0500
Message-ID: <4B7195DB.7080009@cs.columbia.edu>
In-Reply-To: <20100209020720.GB13571-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Serge E. Hallyn wrote:
> Quoting Oren Laadan (orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org):
>>
>> Serge E. Hallyn wrote:
>>> Quoting Serge E. Hallyn (serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org):
>>>> [ RFC: Am I on crack? ]
>>>>
>>>> Both x86-32 and x86-64 with 32-bit compat use ARCH_DLINFO_IA32,
>>>> which defines two saved_auxv entries. But system.h only defines
>>>> AT_VECTOR_SIZE_ARCH as 2 for CONFIG_IA32_EMULATION, not for
>>>> CONFIG_X86_32. Fix that.
>>> To be clear, this patch if right would be for pushing upstream
>>> immediately. It still leaves open the question of what we want
>>> to do about saved_auxv. We currently just write it out as a
>>> buffer, but since it is actually an array of longs, and therefore
>>> differently sized on x86-32 and x86-64-compat, we would need to
>>> write them out entry-by-entry (and validate no overflows for
>>> TIF_IA32 tasks). Does that seem warranted?
>> Yes: iterate over entries and copy them.
>>
>> From a brief look at the code, I don't think the contents of the
>> saved_auxv is used anywhere inside the kernel (it's exported via
>> /proc), except for the reliance on a trailing AT_NULL record
>> which is easy to test for.
>>
>> Would it be wrong or insecure to export whatever garbage the user
>> may have put in that array (assuming it is null terminated) ?
>
> I don't know which tools use the /proc/$$/auxv output, but I don't
> see why it would be unsafe so long as we (as I do) only copy
> AT_VECTOR_SIZE unsigned longs.
>
> I suppose we could try and be more knowledgeable about the internals
> and restore them to values that make sense, using code we'd share
> with fs/binfmt_elf.c...
I'm quite certain that restart must validate at least that
the array ends with an AT_NULL. See for example fill_auxv_note()
in binfmt_elf.c.
Oren.
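The entry-by-entry copy and the AT_NULL check discussed in this thread, as an added example in userspace C that is not part of the thread, the checkpoint/restart patches, or the kernel source. It models saved_auxv as an array of unsigned long sized by the kernel's AT_VECTOR_SIZE formula (AT_VECTOR_SIZE_ARCH = 2 as the RFC patch sets; AT_VECTOR_SIZE_BASE = 20 is assumed here), checks that an AT_NULL tag occurs inside the buffer, and restores a 32-bit compat image one word at a time, rejecting images that are unterminated or would overflow the native array. The sample vectors are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Auxiliary-vector tags, with the values <elf.h> uses; defined locally so
 * the example builds on its own. */
#ifndef AT_NULL
#define AT_NULL   0
#define AT_PHDR   3
#define AT_PAGESZ 6
#define AT_ENTRY  9
#endif

/* Sizing follows the kernel's formula in include/linux/auxvec.h.
 * AT_VECTOR_SIZE_ARCH = 2 is what the RFC patch sets for x86-32;
 * AT_VECTOR_SIZE_BASE = 20 is an assumed value for this example. */
#define AT_VECTOR_SIZE_ARCH 2
#define AT_VECTOR_SIZE_BASE 20
#define AT_VECTOR_SIZE (2 * (AT_VECTOR_SIZE_ARCH + AT_VECTOR_SIZE_BASE + 1))

/* Walk an auxv buffer of 'nwords' longs as (tag, value) pairs and return the
 * number of words up to and including the AT_NULL pair, or -1 if no AT_NULL
 * tag occurs within the buffer. This is the minimum check a restart path
 * needs before trusting a saved_auxv that came from an untrusted image. */
static int auxv_validate(const unsigned long *v, size_t nwords)
{
    size_t i;
    for (i = 0; i + 1 < nwords; i += 2) {
        if (v[i] == AT_NULL)
            return (int)(i + 2);
    }
    return -1;
}

/* Restore a 32-bit (compat) auxv image into a native saved_auxv array.
 * Entries are copied one at a time because the two layouts have different
 * word widths, so a raw memcpy of the buffer would be wrong. The image is
 * scanned for its AT_NULL terminator first; an image with no terminator, or
 * one whose terminated prefix does not fit in 'out_words', is rejected.
 * On success the unused tail of 'out' is zeroed so no stale words survive,
 * and the number of native words written is returned. */
static int auxv_restore_compat32(const uint32_t *img, size_t img_words,
                                 unsigned long *out, size_t out_words)
{
    size_t i, len = 0;

    /* Find the terminated length in the image without touching 'out'. */
    for (i = 0; i + 1 < img_words; i += 2) {
        if (img[i] == AT_NULL) {
            len = i + 2;
            break;
        }
    }
    if (len == 0 || len > out_words)
        return -1;

    for (i = 0; i < len; i++)
        out[i] = img[i];            /* widen each 32-bit word individually */
    memset(&out[len], 0, (out_words - len) * sizeof out[0]);
    return (int)len;
}

/* Constructed sample vectors (not taken from any real process). */
static const unsigned long sample_native[AT_VECTOR_SIZE] = {
    AT_PHDR, 0x400040UL, AT_PAGESZ, 4096UL, AT_ENTRY, 0x400500UL, AT_NULL, 0UL
};
static const unsigned long sample_native_bad[4] = {   /* no AT_NULL at all */
    AT_PAGESZ, 4096UL, AT_ENTRY, 0x400500UL
};
static const uint32_t sample_compat[6] = {
    AT_PAGESZ, 4096u, AT_ENTRY, 0x08048000u, AT_NULL, 0u
};
static const uint32_t sample_compat_bad[6] = {        /* unterminated */
    AT_PAGESZ, 4096u, AT_ENTRY, 0x08048000u, AT_PHDR, 0x08048034u
};
static unsigned long scratch[AT_VECTOR_SIZE];

int main(void)
{
    int n;

    printf("native auxv: %d words up to AT_NULL\n",
           auxv_validate(sample_native, AT_VECTOR_SIZE));
    printf("unterminated native auxv: %d\n",
           auxv_validate(sample_native_bad, 4));
    n = auxv_restore_compat32(sample_compat, 6, scratch, AT_VECTOR_SIZE);
    printf("compat restore: %d (%s)\n", n, n < 0 ? "rejected" : "ok");
    n = auxv_restore_compat32(sample_compat_bad, 6, scratch, AT_VECTOR_SIZE);
    printf("unterminated compat restore: %d (%s)\n", n,
           n < 0 ? "rejected" : "ok");
    return 0;
}
```

The restore path deliberately scans for the terminator before writing anything, so a rejected image leaves the destination untouched, and it zeroes the tail after a successful copy so that whatever the image did not cover cannot show up later through /proc/$$/auxv.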
Thread overview (5 messages):
2010-02-08 20:34 [RFC PATCH] Make AT_VECTOR_SIZE_ARCH 2 for x86-32 - Serge E. Hallyn
2010-02-08 20:48 - Serge E. Hallyn
2010-02-08 22:04 - Oren Laadan
2010-02-09 02:07 - Serge E. Hallyn
2010-02-09 17:05 - Oren Laadan [this message]