From: ebiederm@xmission.com (Eric W. Biederman)
To: Aaron Lehmann <aaronl@vitelus.com>
Cc: Jesper Juhl <juhl-lkml@dif.dk>, Andrew Morton <akpm@osdl.org>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] stronger ELF sanity checks v2
Date: 13 Jan 2004 03:39:11 -0700	[thread overview]
Message-ID: <m1brp8gmk0.fsf@ebiederm.dsl.xmission.com> (raw)
In-Reply-To: <20040113033234.GD2000@vitelus.com>

Aaron Lehmann <aaronl@vitelus.com> writes:

> On Tue, Jan 13, 2004 at 02:55:07AM +0100, Jesper Juhl wrote:
> > Here's the second version of my patch to add better sanity checks for
> > binfmt_elf
> 
> I assume this breaks Brian Raiter's tiny ELF executables[1]. 

Hmm. I would expect most of them to continue to work because they
are valid.  The only problem I see is when he starts scrunching
things together by changing the value of fields that have a specified
meaning.

> Even
> though these binaries are evil hacks that don't comply to standards
> and serve no serious purpose, I'm not sure what the purpose of the
> sanity checks is. Are there any risks associated with running
> non-compliant ELF executables? 

Sanity checks are always good for future compatibility so someone does
not come to rely on your bugs.  This is less of a problem in linux than
in some systems but still.  This is the primary reason cpus have undefined
opcode exceptions for example.

> (Now that I mention it, the
> proof-of-concept exploit for the brk() hole comes to mind, but I don't
> know offhand if that did anything against the spec.) I don't mean to
> question the usefulness of your work, especially as I don't know much
> about ELF, but I'm personally curious about why you think additional
> sanity checks are worth a slight increase in code complexity.

That was my impression as well.  Increasing the complexity of the
if statements when goto's are already in use seems silly.

Eric
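As an added illustration of the kind of header sanity check being discussed (not the patch from this thread, nor kernel code): a check over an ELF64 header that accepts a constructed well-formed header and rejects one whose e_phentsize has been overwritten, the sort of "field with a specified meaning" Eric refers to. elf64_header_sane, make_image and check_sample are hypothetical names; a little-endian host is assumed.

```c
#include <elf.h>
#include <string.h>

/* Hypothetical sanity check on an ELF64 header (added example, not binfmt_elf).
 * Returns 0 when the header is consistent, otherwise a negative code naming the
 * first failed check. Assumes a little-endian host, so fields are read directly. */
int elf64_header_sane(const unsigned char *buf, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof(eh)) return -1;                           /* truncated header */
    memcpy(&eh, buf, sizeof(eh));
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0) return -2;   /* not an ELF file */
    if (eh.e_ident[EI_CLASS] != ELFCLASS64) return -3;
    if (eh.e_ident[EI_DATA] != ELFDATA2LSB) return -4;
    if (eh.e_type != ET_EXEC && eh.e_type != ET_DYN) return -5;
    if (eh.e_ehsize != sizeof(Elf64_Ehdr)) return -6;          /* specified-meaning field */
    if (eh.e_phentsize != sizeof(Elf64_Phdr)) return -7;       /* scrunching this breaks parsing */
    if (eh.e_phnum == 0) return -8;                            /* nothing to load */
    if (eh.e_phoff > len || eh.e_phnum > (len - eh.e_phoff) / sizeof(Elf64_Phdr)) return -9;
    return 0;                                                  /* phdr table lies inside the file */
}

/* Constructed sample image: ELF header followed by one zeroed program header.
 * The phentsize argument lets the caller "scrunch" a field the way a tiny-ELF hack might. */
static size_t make_image(unsigned char *out, unsigned short phentsize)
{
    Elf64_Ehdr eh;
    memset(&eh, 0, sizeof(eh));
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_type = ET_EXEC;
    eh.e_phoff = sizeof(Elf64_Ehdr);
    eh.e_ehsize = sizeof(Elf64_Ehdr);
    eh.e_phentsize = phentsize;
    eh.e_phnum = 1;
    memcpy(out, &eh, sizeof(eh));
    memset(out + sizeof(eh), 0, sizeof(Elf64_Phdr));
    return sizeof(eh) + sizeof(Elf64_Phdr);
}

/* Run the check on the constructed image with a correct (scrunched == 0) or bogus e_phentsize. */
int check_sample(int scrunched)
{
    unsigned char img[sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr)];
    size_t len = make_image(img, scrunched ? 1 : sizeof(Elf64_Phdr));
    return elf64_header_sane(img, len);   /* 0 for the valid image, -7 for the scrunched one */
}
```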
