Re: [PATCH v4 3/3] MIPS: set stack/data protection as non-executable

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: David Daney <ddaney@caviumnetworks.com>
To: Leonid Yegoshin <Leonid.Yegoshin@imgtec.com>
Cc: Paul Burton <paul.burton@imgtec.com>, <daniel.sanders@imgtec.com>,
	<linux-mips@linux-mips.org>, <cernekee@gmail.com>,
	<Zubair.Kakakhel@imgtec.com>, <geert+renesas@glider.be>,
	<david.daney@cavium.com>, <peterz@infradead.org>,
	<heiko.carstens@de.ibm.com>, <paul.gortmaker@windriver.com>,
	<behanw@converseincode.com>, <macro@linux-mips.org>,
	<cl@linux.com>, <pkarat@mvista.com>, <linux@roeck-us.net>,
	<tkhai@yandex.ru>, <james.hogan@imgtec.com>,
	<alexinbeijing@gmail.com>, <rusty@rustcorp.com.au>,
	<Steven.Hill@imgtec.com>, <lars.persson@axis.com>,
	<aleksey.makarov@auriga.com>, <linux-kernel@vger.kernel.org>,
	<ralf@linux-mips.org>, <luto@amacapital.net>,
	<dahi@linux.vnet.ibm.com>, <markos.chandras@imgtec.com>,
	<eunb.song@samsung.com>, <kumba@gentoo.org>
Subject: Re: [PATCH v4 3/3] MIPS: set stack/data protection as non-executable
Date: Wed, 5 Aug 2015 17:37:47 -0700	[thread overview]
Message-ID: <55C2AC5B.50408@caviumnetworks.com> (raw)
In-Reply-To: <55C2A91B.1090704@imgtec.com>

On 08/05/2015 05:23 PM, Leonid Yegoshin wrote:
> On 08/05/2015 05:14 PM, David Daney wrote:
>> On 08/05/2015 05:06 PM, Leonid Yegoshin wrote:
>>> On 08/05/2015 04:55 PM, Paul Burton wrote:
>>>>
>>>>
>>>> As was pointed out last time you posted this, it breaks backwards
>>>> compatibility with userland & thus cannot be applied.
>>>
>>> Never observed since first version.
>>>
>>> In other side, the problem with apps like ssh_keygen is observed in
>>> absence of executable stack protection.
>>
>> You cannot change the default.
>>
>> If your ssh_keygen is broken, get a working version.
>
> It is actually any application which requests non-executable stack
> protection and needs some emulation BEFORE GLIBC cancels that
> non-executable stack protection due to libraries.
>
> If you build all libraries with PT_GNU_STACK 'non-executable' and use
> application with the same protection then you can't emulate even a
> single instruction - it crashes immediately. So, it is not a bad
> application, it is a bad choice for emulation space in past.
>

This just means that your userspace is broken.

If GLibC cannot do the right thing then it should be fixed.

The very first thing that is executed is ld.so, you need to make your 
ld.so do the right thing before transferring control to your program's 
entry point.

You cannot change the default setting for executable stack just because 
you have created a broken userspace.

The ability of legacy userspace to continue functioning cannot be 
sacrificed.

David Daney

next prev parent reply	other threads:[~2015-08-06  0:37 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-08-05 23:49 [PATCH v4 0/3] MIPS executable stack protection Leonid Yegoshin
2015-08-05 23:49 ` [PATCH v4 1/3] MIPS: mips_flush_cache_range is added Leonid Yegoshin
2015-08-05 23:49 ` [PATCH v4 2/3] MIPS: Setup an instruction emulation in VDSO protected page instead of user stack Leonid Yegoshin
2015-08-05 23:49 ` [PATCH v4 3/3] MIPS: set stack/data protection as non-executable Leonid Yegoshin
2015-08-05 23:55   ` Paul Burton
2015-08-06  0:06     ` Leonid Yegoshin
2015-08-06  0:14       ` David Daney
2015-08-06  0:23         ` Leonid Yegoshin
2015-08-06  0:37           ` David Daney [this message]
2015-08-06  0:46             ` Leonid Yegoshin
2015-08-06  1:07               ` David Daney
2015-08-06  0:40           ` Paul Burton
2015-08-05 23:55   ` David Daney
2015-08-06  0:00 ` [PATCH v4 0/3] MIPS executable stack protection David Daney
2015-08-06  0:02   ` Leonid Yegoshin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=55C2AC5B.50408@caviumnetworks.com \
    --to=ddaney@caviumnetworks.com \
    --cc=Leonid.Yegoshin@imgtec.com \
    --cc=Steven.Hill@imgtec.com \
    --cc=Zubair.Kakakhel@imgtec.com \
    --cc=aleksey.makarov@auriga.com \
    --cc=alexinbeijing@gmail.com \
    --cc=behanw@converseincode.com \
    --cc=cernekee@gmail.com \
    --cc=cl@linux.com \
    --cc=dahi@linux.vnet.ibm.com \
    --cc=daniel.sanders@imgtec.com \
    --cc=david.daney@cavium.com \
    --cc=eunb.song@samsung.com \
    --cc=geert+renesas@glider.be \
    --cc=heiko.carstens@de.ibm.com \
    --cc=james.hogan@imgtec.com \
    --cc=kumba@gentoo.org \
    --cc=lars.persson@axis.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mips@linux-mips.org \
    --cc=linux@roeck-us.net \
    --cc=luto@amacapital.net \
    --cc=macro@linux-mips.org \
    --cc=markos.chandras@imgtec.com \
    --cc=paul.burton@imgtec.com \
    --cc=paul.gortmaker@windriver.com \
    --cc=peterz@infradead.org \
    --cc=pkarat@mvista.com \
    --cc=ralf@linux-mips.org \
    --cc=rusty@rustcorp.com.au \
    --cc=tkhai@yandex.ru \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox