Hi,
On Wed, May 26, 2010 at 12:58:01AM -0700, Roland McGrath wrote:
Kyle said:
> Doesn't appear to work?
>
> kyle@dreadnought ~/src/linux-2.6 $ git remote add kees-execshield git://kernel.ubuntu.com/kees/linux-2.6.git
> kyle@dreadnought ~/src/linux-2.6 $ git fetch kees-execshield
> kernel.ubuntu.com[0: 91.189.94.216]: errno=Connection timed out
> fatal: unable to connect a socket (Connection timed out)
It worked for me.
That seems to be a large uncoordinated branch of many topics.
I guessed just from the log summary which commits are these ones:
git log -n3 6bf4df3
(I haven't really reviewed the changes.)
Kees, if you are looking for review, putting these on an isolated topic
branch for people to look at easily is probably a good idea.
Yes, sorry, I'm trying to make a collection of stuff to get ready for
upstream. I will switch to topic branches, good idea:
http://kernel.ubuntu.com/git?p=kees/linux-2.6.git;a=shortlog;h=refs/heads...
The "x86: brk away from exec rand area" patch represents a fix to a real
problem, though, so at the very least, please review that one. It's a
corner case only for PIE, but it does happen. There might be a more
elegant solution, but my patch seems to do the job.
> Yes, we've been saying for a while that the randomization stuff needs to
> be gutted from exec-shield. There is still a lot of work left cleaning
> up exec-shield, all the hooks are pretty out of order.
It was vaguely on my list for ages to clean up execshield and slice it into
separate patches, but I just gave up on ever getting around to it. One
should probably ping Ingo, since (AFAIK) he did it all to begin with, back
in the beforetime, the long, long ago.
Well, to use the mainline ASLR, it would have to grow a little more
knowledge about memory ranges to distinguish where the CS line was.
The NX-emulation is "just" the CS-limit bits. (I've been trying to avoid
saying "exec-shield" since AFAIU, exec-shield as a project covered much
more than just NX-emu and ASLR.) But yeah, a good first step would be to
port the NX-emu to using mainline ASLR.
The exec-shield boot/sysctl parameter has never made a whole lot of sense
to me. The "exec-shield" stuff is really about three separate things. If
they need knobs, it's always seemed to me they should have separate knobs.
Sounds like we all agree on this. :) Currently it sounds like 3 knobs:
nonexec: off, anything, hw-only
stack-exec: follow ELF markings, always nonexec
> I suspect all this is still too invasive in the generic code to be
> palatable.
I haven't really looked at Kees' patches. But having considered before
factoring this stuff out to cleanish, the i386 "NX emulation" stuff seemed
like the first thing to do and not hard to do fairly cleanly. (Not that
this motivated me to bother doing it.)
Other objections are that it isn't "perfect" (i.e. the bss areas of loaded
libraries end up being executable). I personally don't mind this -- it's
better than nothing on hardware lacking the NX bit.
-Kees
--
Kees Cook
Ubuntu Security Team