diff options
| author | Kees Cook <kees.cook@canonical.com> | 2010-05-25 09:51:25 -0700 |
|---|---|---|
| committer | Leann Ogasawara <leann.ogasawara@canonical.com> | 2010-09-02 13:43:15 -0700 |
| commit | 2fa96d1e3d8f4a3012340525a01835fb2fd6e0b7 (patch) | |
| tree | 789f93a558aa858e209d8b51aa99cdfb3f032569 /fs | |
| parent | d70f1a337f774617558ef73dc6986663c80c71ea (diff) | |
UBUNTU: SAUCE: x86: implement cs-limit nx-emulation for ia32
OriginalAuthor: Kyle McMartin <kyle@redhat.com>, Dave Jones <djones@redhat.com>, Solar Designer <solar at openwall.com>
OriginalLocation: http://cvs.fedoraproject.org/viewvc/devel/kernel/linux-2.6-execshield.patch?view=log
Bug: #369978
This is a refresh from version 1.117 as carried by the Fedora Project.
Implements NX emulation via CS-limits. It closes a gap in security
protections on ia32 kernels without PAE, and for ia32 hardware that
lacks the NX feature.
Upstream feels this NX emulation is not appropriate for mainline, and
as such, RedHat and others have carried it in their kernels for a long
time now.
Also reference https://blueprints.edge.launchpad.net/ubuntu/+spec/use-pae-when-possible
Signed-off-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/binfmt_elf.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 535e763ab1a..d114af6d44d 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -74,7 +74,7 @@ static struct linux_binfmt elf_format = { .hasvdso = 1 }; -#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) +#define BAD_ADDR(x) IS_ERR_VALUE(x) static int set_brk(unsigned long start, unsigned long end) { @@ -701,6 +701,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) break; } + if (current->personality == PER_LINUX && (exec_shield & 2)) { + executable_stack = EXSTACK_DISABLE_X; + current->flags |= PF_RANDOMIZE; + } + /* Some simple consistency checks for the interpreter */ if (elf_interpreter) { retval = -ELIBBAD; @@ -717,6 +722,15 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) if (retval) goto out_free_dentry; +#ifdef CONFIG_X86_32 + /* + * Turn off the CS limit completely if exec-shield disabled or + * NX active: + */ + if (!exec_shield || executable_stack != EXSTACK_DISABLE_X || (__supported_pte_mask & _PAGE_NX)) + arch_add_exec_range(current->mm, -1); +#endif + /* OK, This is the point of no return */ current->flags &= ~PF_FORKNOEXEC; current->mm->def_flags = def_flags; @@ -724,7 +738,8 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) /* Do this immediately, since STACK_TOP as used in setup_arg_pages may depend on the personality. */ SET_PERSONALITY(loc->elf_ex); - if (elf_read_implies_exec(loc->elf_ex, executable_stack)) + if (!(exec_shield & 2) && + elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space) @@ -890,7 +905,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) interpreter, &interp_map_addr, load_bias); - if (!IS_ERR((void *)elf_entry)) { + if (!BAD_ADDR(elf_entry)) { /* * load_elf_interp() returns relocation * adjustment |