From: Seebs <seebs@seebs.net>
To: Joshua Watt <jpewhacker@gmail.com>
Cc: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>,
OE-core <openembedded-core@lists.openembedded.org>
Subject: Re: pseudo: host user contamination
Date: Sat, 24 Mar 2018 16:01:00 -0500 [thread overview]
Message-ID: <20180324160100.6906ac9c@seebsdell> (raw)
In-Reply-To: <CAJdd5Gb0VWNqUN0ci-4-w6KJ6j4E5fLvNk0Tshp_pDeKXvJ7Og@mail.gmail.com>
On Sat, 24 Mar 2018 15:22:47 -0500
Joshua Watt <jpewhacker@gmail.com> wrote:
> I don't think that is true. libc's syscall() must conform to the *C*
> ABI for the system... if the kernel does things that aren't in line
> with the C ABI (like return things in registers that aren't expected,
> fail to preserve registers that require preservation, or whatever),
> wouldn't the libc syscall() be *required* to paper over it so that it
> looks like a valid C call? Otherwise, it could never be safely called
> from C code.
I think this is only partially true. There's extra warnings in
syscall(2) about weird kinds of non-conformance with the usual ABI,
like the magic for 64-bit values on EABI (or possibly 32-bit EABI), and
I think the point about the extra registers or possible
register-smashing is just "at this point, you get the behavior of the
actual syscall, which may violate the ABI."
And yeah, it returns correctly, but if code's written to interact with
what syscall() is *supposed* to do, and we trample that in some way,
that's potentially bad.
I honestly have no idea how much scope there is for weird problems,
or whether I'm reading too much into the man page. But there's comments
in the man page that seem like very things to say if libc's syscall
really is just hiding all this complexity. Why on earth would the man
page need to mention those things? What is their relevance, if the
implementation covers all of that?
Practical answer: I'm probably going to attempt the thing, with
the first pass being (1) implement a wrapper for renameat2(), (2)
implement a wrapper for syscall, (3) try to change syscall's behavior
only in the case where the call is renameat2, (4) make this available
and let people try it on a variety of architectures and hope for the
best.
-s
next prev parent reply other threads:[~2018-03-24 21:01 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-23 15:33 pseudo: host user contamination Enrico Scholz
2018-03-23 15:43 ` Enrico Scholz
2018-03-23 16:05 ` Burton, Ross
2018-03-23 16:10 ` Enrico Scholz
2018-03-23 16:17 ` Burton, Ross
2018-03-23 16:28 ` Seebs
2018-03-23 16:30 ` Burton, Ross
2018-03-23 16:49 ` Seebs
2018-03-23 16:56 ` Burton, Ross
2018-03-23 17:23 ` Seebs
2018-03-23 23:47 ` Richard Purdie
2018-03-23 23:56 ` Seebs
2018-03-24 0:22 ` Enrico Scholz
2018-03-24 0:33 ` Andre McCurdy
2018-03-24 0:36 ` Seebs
2018-03-24 1:10 ` Andre McCurdy
2018-03-24 1:17 ` Seebs
2018-03-24 1:43 ` Andre McCurdy
2018-03-24 2:44 ` Seebs
2018-03-24 12:36 ` Richard Purdie
2018-03-24 15:12 ` Seebs
2018-03-24 17:10 ` Burton, Ross
2018-03-24 17:23 ` Seebs
2018-03-24 18:12 ` Andre McCurdy
2018-03-24 18:22 ` Seebs
2018-03-24 18:59 ` Andre McCurdy
2018-03-24 19:24 ` Seebs
2018-03-24 19:42 ` Andre McCurdy
2018-03-24 19:50 ` Seebs
2018-03-24 20:12 ` Victor Kamensky
2018-03-24 23:04 ` Burton, Ross
2018-03-25 0:09 ` Victor Kamensky
2018-03-25 2:43 ` Andre McCurdy
2018-03-25 5:37 ` Victor Kamensky
2018-03-25 7:05 ` Andre McCurdy
2018-03-26 18:49 ` Andreas Müller
2018-03-26 19:31 ` Seebs
2018-03-26 20:12 ` Andre McCurdy
2018-03-26 21:07 ` Seebs
2018-03-27 1:10 ` Andre McCurdy
2018-03-27 1:32 ` Seebs
2018-03-27 1:34 ` Andre McCurdy
2018-03-27 2:07 ` Seebs
2018-03-27 2:59 ` Andre McCurdy
2018-03-27 4:41 ` Seebs
2018-03-27 19:11 ` Andre McCurdy
2018-03-27 19:22 ` Seebs
2018-03-27 20:12 ` Andre McCurdy
2018-03-27 20:20 ` Seebs
2018-03-27 20:52 ` Andre McCurdy
2018-03-27 21:10 ` Seebs
2018-03-29 12:04 ` Enrico Scholz
2018-03-29 14:06 ` Seebs
2018-03-27 13:06 ` Enrico Scholz
2018-03-27 15:50 ` Seebs
2018-03-27 16:26 ` Enrico Scholz
2018-03-27 16:46 ` Seebs
2018-03-24 20:22 ` Joshua Watt
2018-03-24 21:01 ` Seebs [this message]
2018-03-24 20:27 ` Andre McCurdy
2018-03-27 14:42 ` Enrico Scholz
2018-03-27 15:55 ` Seebs
2018-03-27 16:35 ` Enrico Scholz
2018-03-27 16:40 ` Seebs
2018-03-27 19:20 ` Enrico Scholz
2018-03-27 19:24 ` Seebs
2018-03-27 20:06 ` Enrico Scholz
2018-03-23 16:06 ` Burton, Ross
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180324160100.6906ac9c@seebsdell \
--to=seebs@seebs.net \
--cc=enrico.scholz@sigma-chemnitz.de \
--cc=jpewhacker@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox