public inbox for glibc-bugs@sourceware.org
* [Bug dynamic-link/26831] New: aarch64: seccomp filters may prevent mprotect(PROT_EXEC|PROT_BTI)
From: nsz at gcc dot gnu.org @ 2020-11-02 14:48 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26831
Bug ID: 26831
Summary: aarch64: seccomp filters may prevent
mprotect(PROT_EXEC|PROT_BTI)
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: nsz at gcc dot gnu.org
Target Milestone: ---
see also
https://bugzilla.redhat.com/show_bug.cgi?id=1888842
branch-protection support in ld.so uses mprotect to
turn PROT_BTI on on executable segments, but this may
be prevented by security policies such as the systemd
MemoryDenyWriteExecute sandboxing option that makes
mprotect with PROT_EXEC fail via a seccomp filter.
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Bug dynamic-link/26831] aarch64: seccomp filters may prevent mprotect(PROT_EXEC|PROT_BTI)
From: fweimer at redhat dot com @ 2020-11-02 16:48 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26831
Florian Weimer <fweimer at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
* [Bug dynamic-link/26831] aarch64: seccomp filters may prevent mprotect(PROT_EXEC|PROT_BTI)
From: carlos at redhat dot com @ 2020-11-10 14:31 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26831
Carlos O'Donell <carlos at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugzilla.redhat.com/show_bug.cgi?id=1888842
                 CC|                            |carlos at redhat dot com
* [Bug dynamic-link/26831] aarch64: seccomp filters may prevent mprotect(PROT_EXEC|PROT_BTI)
From: nsz at gcc dot gnu.org @ 2020-12-01 12:12 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26831
Szabolcs Nagy <nsz at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at sourceware dot org|nsz at gcc dot gnu.org
* [Bug dynamic-link/26831] aarch64: seccomp filters may prevent mprotect(PROT_EXEC|PROT_BTI)
From: cvs-commit at gcc dot gnu.org @ 2020-12-11 15:49 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26831
--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Szabolcs Nagy <nsz@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd543b5eb3642d76e365a131ce676f31fe3f1dd4
commit cd543b5eb3642d76e365a131ce676f31fe3f1dd4
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date: Tue Dec 1 10:13:18 2020 +0000
aarch64: Use mmap to add PROT_BTI instead of mprotect [BZ #26831]
Re-mmap executable segments if possible instead of using mprotect
to add PROT_BTI. This allows using BTI protection with security
policies that prevent mprotect with PROT_EXEC.
If the fd of the ELF module is not available because it was kernel
mapped then mprotect is used and failures are ignored. To protect
the main executable even when mprotect is filtered the linux kernel
will have to be changed to add PROT_BTI to it.
The delayed failure reporting is mainly needed because currently
_dl_process_gnu_properties does not propagate failures such that
the required cleanups happen. Using the link_map_machine struct for
error propagation is not ideal, but this seemed to be the least
intrusive solution.
Fixes bug 26831.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
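The commit message above describes the mechanism in two sentences; the following is an added example in C (written for this page, not glibc's code) that models that approach so it can be run and inspected. It assumes Linux: the "executable segment" is a constructed page in a memfd rather than a PT_LOAD segment of an ELF object, and the names add_exec_prot, segment_page_range, demo_remap_from_fd and demo_mprotect_fallback are hypothetical. PROT_BTI is taken as the aarch64 UAPI value 0x10 and is only used on aarch64; on other architectures the example leaves the bit out so the mapping logic still runs. The point it shows: a sandbox such as systemd's MemoryDenyWriteExecute refuses mprotect with PROT_EXEC, but a private, non-writable file-backed mmap with PROT_EXEC is still permitted, so re-mapping the segment from its fd with MAP_FIXED achieves what mprotect cannot, while a kernel-mapped module without an fd can only try mprotect and tolerate refusal.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* PROT_BTI is an aarch64-only protection bit (0x10 in the Linux UAPI
   headers).  Elsewhere this example leaves it out so the mapping logic
   can still be exercised (assumption made for portability of the demo). */
#if defined(__aarch64__)
#  ifndef PROT_BTI
#    define PROT_BTI 0x10
#  endif
#  define EXEC_PROT (PROT_READ | PROT_EXEC | PROT_BTI)
#else
#  define EXEC_PROT (PROT_READ | PROT_EXEC)
#endif

enum bti_result {
    BTI_FAILED = -1,      /* fd available but the re-mmap failed: hard error */
    BTI_VIA_MMAP = 0,     /* segment re-mapped from its fd with EXEC_PROT */
    BTI_VIA_MPROTECT = 1, /* no fd (kernel-mapped module): mprotect worked */
    BTI_SKIPPED = 2       /* no fd and mprotect was refused: ignored */
};

struct seg_range {
    uintptr_t start;  /* page-aligned start of the mapping */
    size_t len;       /* page-rounded length */
    off_t off;        /* page-aligned file offset to hand to mmap */
};

/* Page-round a PT_LOAD segment [vaddr, vaddr + filesz) the way a loader
   must before (re-)mapping it.  pagesz must be a power of two. */
struct seg_range segment_page_range(uintptr_t vaddr, size_t filesz,
                                    off_t p_offset, size_t pagesz)
{
    struct seg_range r;
    uintptr_t mask = ~(uintptr_t)(pagesz - 1);
    r.start = vaddr & mask;
    r.len = ((vaddr + filesz + pagesz - 1) & mask) - r.start;
    r.off = (off_t)((uintptr_t)p_offset & mask);
    return r;
}

/* Make an already-mapped read-only executable segment executable.
   With an fd, replace the mapping in place from the file (MAP_FIXED)
   instead of calling mprotect; without one, fall back to mprotect and
   treat a refusal as non-fatal, as the commit message describes. */
int add_exec_prot(void *start, size_t len, int fd, off_t off)
{
    if (fd == -1)
        return mprotect(start, len, EXEC_PROT) == 0 ? BTI_VIA_MPROTECT
                                                    : BTI_SKIPPED;
    void *p = mmap(start, len, EXEC_PROT, MAP_PRIVATE | MAP_FIXED, fd, off);
    return p == MAP_FAILED ? BTI_FAILED : BTI_VIA_MMAP;
}

/* Demo: one constructed page of "text" in a memfd, mapped read-only and
   then made executable by re-mapping.  Returns the bti_result, or -2 if
   setup failed or the page content changed across the re-map. */
int demo_remap_from_fd(void)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    int fd = memfd_create("bti-demo", 0);
    if (fd < 0)
        return -2;
    unsigned char *buf = malloc(pagesz);
    if (buf == NULL) { close(fd); return -2; }
    for (size_t i = 0; i < pagesz; i++)
        buf[i] = (unsigned char)(i * 7 + 3);   /* constructed content */
    if (write(fd, buf, pagesz) != (ssize_t)pagesz) { free(buf); close(fd); return -2; }

    void *map = mmap(NULL, pagesz, PROT_READ, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) { free(buf); close(fd); return -2; }

    struct seg_range r = segment_page_range((uintptr_t)map, pagesz, 0, pagesz);
    int result = add_exec_prot((void *)r.start, r.len, fd, r.off);
    if (result == BTI_VIA_MMAP && memcmp(map, buf, pagesz) != 0)
        result = -2;   /* the re-map must preserve the file-backed content */

    munmap(map, pagesz);
    free(buf);
    close(fd);
    return result;
}

/* Demo of the no-fd path: an anonymous read-only page stands in for a
   kernel-mapped module; it goes through mprotect, and a refusal (as under
   a seccomp filter that denies PROT_EXEC in mprotect) is reported as skipped. */
int demo_mprotect_fallback(void)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *map = mmap(NULL, pagesz, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED)
        return -2;
    int result = add_exec_prot(map, pagesz, -1, 0);
    munmap(map, pagesz);
    return result;
}
```

Two things worth checking when reading it: the re-map path only works because the pages are file-backed and unmodified, since a MAP_FIXED replacement discards any private copy-on-write modification of those pages, which is why it is only suitable for text segments the loader has not written to; and on a host that is not aarch64 the BTI bit is simply absent, so the mapping succeeds but proves nothing about BTI itself. Run under a unit with MemoryDenyWriteExecute=yes, demo_remap_from_fd still returns BTI_VIA_MMAP while demo_mprotect_fallback returns BTI_SKIPPED, which is exactly the asymmetry the fix relies on.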
* [Bug dynamic-link/26831] aarch64: seccomp filters may prevent mprotect(PROT_EXEC|PROT_BTI)
From: cvs-commit at gcc dot gnu.org @ 2021-01-21 10:44 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26831
--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.32/master branch has been updated by Szabolcs Nagy <nsz@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=33dc30bc838b12183744746de102da8b76b9b1d0
commit 33dc30bc838b12183744746de102da8b76b9b1d0
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date: Tue Dec 1 10:13:18 2020 +0000
aarch64: Use mmap to add PROT_BTI instead of mprotect [BZ #26831]
Re-mmap executable segments if possible instead of using mprotect
to add PROT_BTI. This allows using BTI protection with security
policies that prevent mprotect with PROT_EXEC.
If the fd of the ELF module is not available because it was kernel
mapped then mprotect is used and failures are ignored. To protect
the main executable even when mprotect is filtered the linux kernel
will have to be changed to add PROT_BTI to it.
The delayed failure reporting is mainly needed because currently
_dl_process_gnu_properties does not propagate failures such that
the required cleanups happen. Using the link_map_machine struct for
error propagation is not ideal, but this seemed to be the least
intrusive solution.
Fixes bug 26831.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
(cherry picked from commit cd543b5eb3642d76e365a131ce676f31fe3f1dd4)
* [Bug dynamic-link/26831] aarch64: seccomp filters may prevent mprotect(PROT_EXEC|PROT_BTI)
From: nsz at gcc dot gnu.org @ 2021-03-29 8:54 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26831
Szabolcs Nagy <nsz at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
   Target Milestone|---                         |2.33
               Host|                            |aarch64
         Resolution|---                         |FIXED
--- Comment #3 from Szabolcs Nagy <nsz at gcc dot gnu.org> ---
fixed for 2.33