Re: [PROPOSAL/PATCH] Remove PT_GNU_STACK support before 2.6.11

[Ingo Molnar]

* Ingo Molnar <mingo@xxxxxxx> wrote:

> * Arjan van de Ven <arjan@xxxxxxxxxxxxx> wrote:
> 
> > So I rather see the patch below merged instead; it fixes the worst
> > problems (RWE not marking the heap executable) while keeping this
> > useful feature enabled.
> > 
> > Signed-off-by: Arjan van de Ven <arjan@xxxxxxxxxxxxx>
> 
> looks good.
> 
>  Signed-off-by: Ingo Molnar <mingo@xxxxxxx>

tested it against BK-curr, on an NX-enabled x86 CPU, and it builds/boots
fine and works as expected. A PT_GNU_STACK RWE binary gets this layout:

 saturn:~/noexec> cat /proc/2983/maps
 00888000-0089d000 r-xp 00000000 03:41 3433999    /lib/ld-2.3.3.so
 0089d000-0089f000 rwxp 00014000 03:41 3433999    /lib/ld-2.3.3.so
 008a1000-009bf000 r-xp 00000000 03:41 3434007    /lib/tls/libc-2.3.3.so
 009bf000-009c1000 r-xp 0011d000 03:41 3434007    /lib/tls/libc-2.3.3.so
 009c1000-009c3000 rwxp 0011f000 03:41 3434007    /lib/tls/libc-2.3.3.so
 009c3000-009c5000 rwxp 009c3000 00:00 0
 08048000-08049000 r-xp 00000000 03:41 1046974    /home/mingo/noexec/test-stack
 08049000-0804a000 rwxp 00000000 03:41 1046974    /home/mingo/noexec/test-stack
 b7fe7000-b7fe8000 rwxp b7fe7000 00:00 0
 bffeb000-c0000000 rwxp bffeb000 00:00 0
 ffffe000-fffff000 ---p 00000000 00:00 0

i.e. all mappings are executable (i.e. READ_IMPLIES_EXEC effect) - the
intended change. (although i dont fully agree with PT_GNU_STACK being
about something else than the stack, from a security POV if the stack is
executable then all bets are off anyway. The heap and all mmaps being
executable too in that case makes little difference.)

	Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/