From: Lars Ellenberg <lars.ellenberg@linbit.com>
To: PaX Team <pageexec@freemail.hu>
Cc: spender@grsecurity.net, drbd-dev@lists.linbit.com
Subject: Re: [Drbd-dev] drbd 8.4.3: refcounter overflow on re-sync
Date: Thu, 25 Sep 2014 02:07:48 +0200 [thread overview]
Message-ID: <20140925000748.GB20814@soda.linbit> (raw)
In-Reply-To: <542352D0.5354.4E270879@pageexec.freemail.hu>
On Thu, Sep 25, 2014 at 01:25:04AM +0200, PaX Team wrote:
> On 24 Sep 2014 at 23:50, Lars Ellenberg wrote:
>
> > On Wed, Sep 24, 2014 at 08:07:11PM +0200, PaX Team wrote:
> > > > > perhaps it's a consequence of the reaction from the kernel on the overflow
> > > > > which is equivalent to a SIGKILL with all that it implies (files and network
> > > > > connections get closed, etc).
> > > >
> > > > That would be the result of the _ASM_EXTABLE()?
> > > > or what causes that "reaction"?
> > >
> > > no, the extable mechanism is only used to re-enter the kernel in a known
> > > way to be able to report back on the detected refcount overflow. the actual
> > > reaction is in pax_report_refcount_overflow
> >
> > Which is registered in the corresponding place in the exception table.
> > So yes.
>
> no, what is registered in the exception table is the address of the continuation
...
> it's an implementation choice only.
And that was what I wanted to know about. So yes ;-)
> > I predicted earlier that this would not be a fruitful discussion.
> you're conflating the general concept of reaction to exploits
Absolutely, yes, I do.
In this overflow case, I still don't see why it is supposed to help to
shoot the process that happens to be "current" when the overflow occurs,
respectively why it would be a valid assumption that this process would
be "the exploit", provoking the overflow on purpose...
But never mind, if you say that's so, fine.
> every major operating system vendor and cpu manufacturer have adopted protection
> techniques that were pioneered by us, i think that speaks more than a lone doubting
> Thomas on the drbd list ;).
I know. I'm not doubting. I get it.
I just don't like it (precautionary shooting in general), is all.
Though I dislike it even more that it (implementing protection
techniques) is even necessary, if you have to assume they are out to get
you. Which is more a fact than an assumption, in more scenarios than
I'd like it to be. So you keep preventing existing bugs elsewhere from
becoming exploitable, and I'll shut up :)
Lars
next prev parent reply other threads:[~2014-09-25 0:07 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-19 9:49 [Drbd-dev] drbd 8.4.3: refcounter overflow on re-sync Marc Schiffbauer
2014-09-19 14:48 ` Lars Ellenberg
2014-09-19 15:16 ` Marc Schiffbauer
2014-09-23 11:03 ` Lars Ellenberg
2014-09-23 17:08 ` Marc Schiffbauer
2014-09-24 10:04 ` Lars Ellenberg
2014-09-23 18:14 ` Marc Schiffbauer
2014-09-24 10:14 ` Lars Ellenberg
2014-09-24 12:50 ` Lars Ellenberg
2014-09-24 15:57 ` PaX Team
2014-09-24 16:31 ` Lars Ellenberg
2014-09-24 18:07 ` PaX Team
2014-09-24 21:50 ` Lars Ellenberg
2014-09-24 23:25 ` PaX Team
2014-09-25 0:07 ` Lars Ellenberg [this message]
2014-09-27 0:45 ` PaX Team
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140925000748.GB20814@soda.linbit \
--to=lars.ellenberg@linbit.com \
--cc=drbd-dev@lists.linbit.com \
--cc=pageexec@freemail.hu \
--cc=spender@grsecurity.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox