public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
* The code segment of the user level in PPC64 are in VMAs with write permissions
@ 2007-12-19  7:21 Dotan Barak
  2007-12-19  9:11 ` Eric Dumazet
  0 siblings, 1 reply; 3+ messages in thread
From: Dotan Barak @ 2007-12-19  7:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: dotanb

Hi all.

I noticed that the code segment of the user level in PPC64 machines
is in a VMA with a write permission enabled.

I'm using the following machine attributes:
*************************************************************
Host Name         : mtlsqt185
Host Architecture : ppc64
Linux Distribution: SUSE Linux Enterprise Server 10 (ppc) VERSION = 10 
PATCHLEVEL = 1
Kernel Version    : 2.6.16.53-0.16-ppc64
GCC Version       : gcc (GCC) 4.1.2 20070115 (prerelease) (SUSE Linux)
Memory size       : 1740232 kB
Number of CPUs    : 8
cpu MHz           : 4005.000000MHz
Driver Version    : OFED-1.2.5.4-20071210-0614
HCA ID(s)         : mlx4_0
HCA model(s)      : 25418
FW version(s)     : 2.3.906
Board(s)          : IBM08A0000001
*************************************************************

I printed the address of a function in my program and i got the value 
0x1005ac80.

I printed the VMAs in my process and i got the following output:
mtlsqt185:~ # cat /proc/17366/maps
00100000-00103000 r-xp 00100000 00:00 0
10000000-1004a000 r-xp 00000000 08:03 1063667                            
/tmp/tsscr/svn.mlx_tp/branches/ofed1.2.5/gen2/userspace/useraccess/gen2_basic/gen2_basic 

1005a000-1005e000 rw-p 0004a000 08:03 1063667                            
/tmp/tsscr/svn.mlx_tp/branches/ofed1.2.5/gen2/userspace/useraccess/gen2_basic/gen2_basic 

1005e000-1015f000 rw-p 1005e000 00:00 0                                  
[heap]

Is this is a security hole (any virus can change the code in the code 
segment ...)

can you please CC me the answers o this question?


thanks
Dotan

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: The code segment of the user level in PPC64 are in VMAs with write permissions
  2007-12-19  7:21 The code segment of the user level in PPC64 are in VMAs with write permissions Dotan Barak
@ 2007-12-19  9:11 ` Eric Dumazet
  2007-12-19 10:55   ` Dotan Barak
  0 siblings, 1 reply; 3+ messages in thread
From: Eric Dumazet @ 2007-12-19  9:11 UTC (permalink / raw)
  To: dotanb; +Cc: linux-kernel

Dotan Barak a écrit :
> Hi all.
> 
> I noticed that the code segment of the user level in PPC64 machines
> is in a VMA with a write permission enabled.
> 
> I'm using the following machine attributes:
> *************************************************************
> Host Name         : mtlsqt185
> Host Architecture : ppc64
> Linux Distribution: SUSE Linux Enterprise Server 10 (ppc) VERSION = 10 
> PATCHLEVEL = 1
> Kernel Version    : 2.6.16.53-0.16-ppc64
> GCC Version       : gcc (GCC) 4.1.2 20070115 (prerelease) (SUSE Linux)
> Memory size       : 1740232 kB
> Number of CPUs    : 8
> cpu MHz           : 4005.000000MHz
> Driver Version    : OFED-1.2.5.4-20071210-0614
> HCA ID(s)         : mlx4_0
> HCA model(s)      : 25418
> FW version(s)     : 2.3.906
> Board(s)          : IBM08A0000001
> *************************************************************
> 
> I printed the address of a function in my program and i got the value 
> 0x1005ac80.
> 
> I printed the VMAs in my process and i got the following output:
> mtlsqt185:~ # cat /proc/17366/maps
> 00100000-00103000 r-xp 00100000 00:00 0
> 10000000-1004a000 r-xp 00000000 08:03 1063667                            
> /tmp/tsscr/svn.mlx_tp/branches/ofed1.2.5/gen2/userspace/useraccess/gen2_basic/gen2_basic 
> 
> 1005a000-1005e000 rw-p 0004a000 08:03 1063667                            
> /tmp/tsscr/svn.mlx_tp/branches/ofed1.2.5/gen2/userspace/useraccess/gen2_basic/gen2_basic 
> 
> 1005e000-1015f000 rw-p 1005e000 00:00 0                                  
> [heap]
> 
> Is this is a security hole (any virus can change the code in the code 
> segment ...)
> 
> can you please CC me the answers o this question?
> 

This is because on PPC architecture, address of a function points to a small
data area (a function descriptor) where the caller can find informations about :

- Address (in the text segment, so readonly) of the target function
- Address of the TOC for this function.


http://www.linux-foundation.org/spec/ELF/ppc64/PPC-elf64abi-1.9.html#FUNC-ADDRESS

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: The code segment of the user level in PPC64 are in VMAs with write permissions
  2007-12-19  9:11 ` Eric Dumazet
@ 2007-12-19 10:55   ` Dotan Barak
  0 siblings, 0 replies; 3+ messages in thread
From: Dotan Barak @ 2007-12-19 10:55 UTC (permalink / raw)
  To: Eric Dumazet; +Cc: linux-kernel

Eric Dumazet wrote:
> This is because on PPC architecture, address of a function points to a 
> small
> data area (a function descriptor) where the caller can find 
> informations about :
>
> - Address (in the text segment, so readonly) of the target function
> - Address of the TOC for this function.
>
>
> http://www.linux-foundation.org/spec/ELF/ppc64/PPC-elf64abi-1.9.html#FUNC-ADDRESS 
>
>

thank you very much for clearing this issue.
Dotan

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-12-19 10:55 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-12-19  7:21 The code segment of the user level in PPC64 are in VMAs with write permissions Dotan Barak
2007-12-19  9:11 ` Eric Dumazet
2007-12-19 10:55   ` Dotan Barak

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox