From: Eric Dumazet <dada1@cosmosbay.com>
To: dotanb@dev.mellanox.co.il
Cc: linux-kernel@vger.kernel.org
Subject: Re: The code segment of the user level in PPC64 are in VMAs with write permissions
Date: Wed, 19 Dec 2007 10:11:11 +0100 [thread overview]
Message-ID: <4768E02F.20700@cosmosbay.com> (raw)
In-Reply-To: <4768C675.1030804@dev.mellanox.co.il>
Dotan Barak a écrit :
> Hi all.
>
> I noticed that the code segment of the user level in PPC64 machines
> is in a VMA with a write permission enabled.
>
> I'm using the following machine attributes:
> *************************************************************
> Host Name : mtlsqt185
> Host Architecture : ppc64
> Linux Distribution: SUSE Linux Enterprise Server 10 (ppc) VERSION = 10
> PATCHLEVEL = 1
> Kernel Version : 2.6.16.53-0.16-ppc64
> GCC Version : gcc (GCC) 4.1.2 20070115 (prerelease) (SUSE Linux)
> Memory size : 1740232 kB
> Number of CPUs : 8
> cpu MHz : 4005.000000MHz
> Driver Version : OFED-1.2.5.4-20071210-0614
> HCA ID(s) : mlx4_0
> HCA model(s) : 25418
> FW version(s) : 2.3.906
> Board(s) : IBM08A0000001
> *************************************************************
>
> I printed the address of a function in my program and i got the value
> 0x1005ac80.
>
> I printed the VMAs in my process and i got the following output:
> mtlsqt185:~ # cat /proc/17366/maps
> 00100000-00103000 r-xp 00100000 00:00 0
> 10000000-1004a000 r-xp 00000000 08:03 1063667
> /tmp/tsscr/svn.mlx_tp/branches/ofed1.2.5/gen2/userspace/useraccess/gen2_basic/gen2_basic
>
> 1005a000-1005e000 rw-p 0004a000 08:03 1063667
> /tmp/tsscr/svn.mlx_tp/branches/ofed1.2.5/gen2/userspace/useraccess/gen2_basic/gen2_basic
>
> 1005e000-1015f000 rw-p 1005e000 00:00 0
> [heap]
>
> Is this is a security hole (any virus can change the code in the code
> segment ...)
>
> can you please CC me the answers o this question?
>
This is because on PPC architecture, address of a function points to a small
data area (a function descriptor) where the caller can find informations about :
- Address (in the text segment, so readonly) of the target function
- Address of the TOC for this function.
http://www.linux-foundation.org/spec/ELF/ppc64/PPC-elf64abi-1.9.html#FUNC-ADDRESS
next prev parent reply other threads:[~2007-12-19 9:11 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-12-19 7:21 The code segment of the user level in PPC64 are in VMAs with write permissions Dotan Barak
2007-12-19 9:11 ` Eric Dumazet [this message]
2007-12-19 10:55 ` Dotan Barak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4768E02F.20700@cosmosbay.com \
--to=dada1@cosmosbay.com \
--cc=dotanb@dev.mellanox.co.il \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox