From: Siddhesh Poyarekar <siddhesh@sourceware.org>
To: Zack Weinberg <zack@owlfolio.org>,
Szabolcs Nagy <szabolcs.nagy@arm.com>,
Adhemerval Zanella <adhemerval.zanella@linaro.org>,
GNU libc development <libc-alpha@sourceware.org>
Cc: Florian Weimer <fweimer@redhat.com>, Carlos O'Donell <carlos@redhat.com>
Subject: Re: [PATCH 2/2] aarch64: Make glibc.mem.tagging SXID_ERASE
Date: Fri, 6 Oct 2023 08:41:23 -0400 [thread overview]
Message-ID: <4eaea4b7-c72f-8bd8-ab2b-dc08fc4ad97d@sourceware.org> (raw)
In-Reply-To: <ff27f292-af1f-4718-836a-df8690eaa57d@app.fastmail.com>
On 2023-10-06 08:25, Zack Weinberg wrote:
>> I don't completely disagree with the conclusion below, but the CVE
>> that prompted this discussion doesn't say anything about environment
>> inheritance because the vulnerability had nothing to do with
>> environment processing and inheritance.
>
> I may have misunderstood the CVE or mixed it up with another one.
> I thought there was a recent CVE in which a SXID_IGNORE environment
> variable was inherited by a child process, and that child process was
> rendered vulnerable to further exploitation because it honored that
> variable.
Hmm, I don't remember anything like this recently (but my memory is
worse than my airplane flying skills), but something like that would be
an interesting data point and further confirmation that we need to get
rid of SXID_IGNORE and SXID_NONE. In any case, I can't see a good
reason anymore to keep these levels, especially if we drop memory
tagging, malloc tuning and malloc debugging tunables from SXID_IGNORE.
If memory tagging needs to persist across setxid programs then there
needs to be a different way, maybe through systemwide tunables[1] that
DJ is working on, or maybe even ELF markup.
Adhemerval has taken this patchset and is going to build on it to rip it
all out, so we'll hopefully resolve all of this together.
Thanks,
Sid
[1]
https://inbox.sourceware.org/libc-alpha/xn1qeayuo9.fsf@greed.delorie.com/T/#u
next prev parent reply other threads:[~2023-10-06 12:41 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-03 20:11 [PATCH 0/2] make all tunables SXID_ERASE Siddhesh Poyarekar
2023-10-03 20:11 ` [PATCH 1/2] Make all malloc " Siddhesh Poyarekar
2023-10-03 20:11 ` [PATCH 2/2] aarch64: Make glibc.mem.tagging SXID_ERASE Siddhesh Poyarekar
2023-10-04 7:29 ` Szabolcs Nagy
2023-10-04 11:59 ` Siddhesh Poyarekar
2023-10-04 14:04 ` Szabolcs Nagy
2023-10-04 14:23 ` Siddhesh Poyarekar
2023-10-04 14:51 ` Szabolcs Nagy
2023-10-04 14:53 ` Siddhesh Poyarekar
2023-10-04 15:05 ` Siddhesh Poyarekar
2023-10-04 17:01 ` Adhemerval Zanella Netto
2023-10-05 8:19 ` Szabolcs Nagy
2023-10-05 12:55 ` Siddhesh Poyarekar
2023-10-05 13:59 ` Szabolcs Nagy
2023-10-05 14:05 ` Siddhesh Poyarekar
2023-10-05 18:31 ` Zack Weinberg
2023-10-05 19:11 ` Siddhesh Poyarekar
2023-10-06 12:25 ` Zack Weinberg
2023-10-06 12:41 ` Siddhesh Poyarekar [this message]
2023-10-06 17:10 ` Adhemerval Zanella Netto
2023-10-06 18:04 ` Siddhesh Poyarekar
2023-10-08 19:51 ` Michael Hudson-Doyle
2023-10-31 19:58 ` Zack Weinberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4eaea4b7-c72f-8bd8-ab2b-dc08fc4ad97d@sourceware.org \
--to=siddhesh@sourceware.org \
--cc=adhemerval.zanella@linaro.org \
--cc=carlos@redhat.com \
--cc=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=szabolcs.nagy@arm.com \
--cc=zack@owlfolio.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).