public inbox for linux-kernel@vger.kernel.org
From: Rob Landley <landley@trommello.org>
To: drepper@redhat.com, ebiederm@xmission.com (Eric W. Biederman)
Cc: linux-kernel@vger.kernel.org
Subject: Re: Security question: "Text file busy" overwriting executables but not shared libraries?
Date: Wed, 3 Oct 2001 19:20:39 -0400
Message-ID: <01100319203903.00728@localhost.localdomain>
In-Reply-To: <200110031249.HAA50103@tomcat.admin.navo.hpc.mil> <m1r8sk1tuq.fsf@frodo.biederman.org>
In-Reply-To: <m1r8sk1tuq.fsf@frodo.biederman.org>

On Wednesday 03 October 2001 14:06, Eric W. Biederman wrote:

> > But not modify a busy executable.
>
> Have ld-linux.so set the MAP_DENYWRITE bit when it is mapping
> the library.

And of course since the FSF wrote it, it's not quite that simple...

>/* The right way to map in the shared library files is MAP_COPY, which
>   makes a virtual copy of the data at the time of the mmap call; this
>   guarantees the mapped pages will be consistent even if the file is
>   overwritten.  Some losing VM systems like Linux's lack MAP_COPY.  All we
>   get is MAP_PRIVATE, which copies each page when it is modified; this
>   means if the file is overwritten, we may at some point get some pages
>   from the new version after starting with pages from the old version.  */

I.E. it seems like they go out of their way to ALLOW writing to the libraries.
(I assume they KNOW the difference between MAP_DENYWRITE, MAP_COPY, and
MAP_PRIVATE...?)

This look right to anybody else?  Or am I about to wander into weird 
side-effect land?  (Is there a reason they DON'T want a read-only mapping?  
Are they writing data into those pages, perhaps doing the linking fixup 
stuff?  What?)

--- elf/dl-load.bak Wed Oct  3 18:53:37 2001
+++ elf/dl-load.c   Wed Oct  3 18:55:57 2001
@@ -48,7 +48,7 @@
    means if the file is overwritten, we may at some point get some pages
    from the new version after starting with pages from the old version.  */
 #ifndef MAP_COPY
-# define MAP_COPY      MAP_PRIVATE
+# define MAP_COPY      MAP_DENYWRITE
 #endif
 
 /* Some systems link their relocatable objects for another base address
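
Review bot: the new fallback `# define MAP_COPY      MAP_DENYWRITE` replaces MAP_PRIVATE rather than adding to it, and mmap() requires exactly one of MAP_SHARED or MAP_PRIVATE, so if the mmap calls rely on MAP_COPY to supply the sharing type they will fail with EINVAL on Linux. Suggest `# define MAP_COPY (MAP_PRIVATE | MAP_DENYWRITE)`, with the plain MAP_PRIVATE fallback kept for systems where MAP_DENYWRITE is not defined, and update the comment above the `#ifndef`, which still describes the MAP_PRIVATE-only behaviour.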

I should just try this and see what it does.  On a machine I don't mind 
reinstalling from scratch.  Which means I need to dig up a spare keyboard for 
my junk machine...  (And figure out how to get glibc's ./configure script to 
realise that linuxthreads is, in fact, there in the source directory.  It's 
right there.  Use it.  Don't yell at me it's not there.  I didn't make this 
SRPM, I changed one line...  Sigh...)

In the morning...

Rob
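
The mixed old/new page behaviour that the quoted glibc comment attributes to MAP_PRIVATE can be observed directly on Linux. The following is an added example, not part of the message or of glibc; the function names and the scratch file path are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

/* Overwrite the first n bytes of the file in place with byte c. */
static int fill_file(int fd, char c, size_t n)
{
    char *buf = malloc(n);
    if (!buf) return -1;
    memset(buf, c, n);
    ssize_t w = pwrite(fd, buf, n, 0);
    free(buf);
    return w == (ssize_t)n ? 0 : -1;
}

/* Map a two-page file of 'A' with MAP_PRIVATE, dirty page 0 only, overwrite
   the file with 'B', then report what the mapping shows in each page. */
int private_mapping_after_overwrite(char *page0, char *page1)
{
    char path[] = "/tmp/map_private_demo_XXXXXX";  /* constructed scratch file */
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    int fd = mkstemp(path), rc = -1;
    if (fd < 0) return -1;
    unlink(path);                        /* file lives only as long as fd */
    if (fill_file(fd, 'A', 2 * pg) != 0) { close(fd); return -1; }
    char *m = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (m == MAP_FAILED) { close(fd); return -1; }
    m[1] = 'x';                          /* store: page 0 becomes a private copy */
    if (m[pg] == 'A'                     /* page 1 is only read, never written */
        && fill_file(fd, 'B', 2 * pg) == 0) {
        *page0 = m[0];                   /* private copy: still the old data */
        *page1 = m[pg];                  /* file-backed page: the new data */
        rc = 0;
    }
    munmap(m, 2 * pg);
    close(fd);
    return rc;
}

int main(void)
{
    char p0 = 0, p1 = 0;
    if (private_mapping_after_overwrite(&p0, &p1) != 0) return 1;
    printf("page 0 shows '%c', page 1 shows '%c'\n", p0, p1);
    return 0;
}
```

Replacing a library by writing a new file and rename()ing it over the old name avoids this mix, because existing mappings keep referring to the old inode.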
