Re: [PATCH][RFC] invalid ELF binaries can execute - better sanitychecking

From: Maciej Zenczykowski
Date: Fri Jan 09 2004 - 15:23:08 EST

Next message: Nigel Cunningham: "Re: Swapfiles broken on XFS."
Previous message: James Morris: "Re: [PATCH][SELINUX] 3/7 Add node controls"
In reply to: Jesper Juhl: "Re: [PATCH][RFC] invalid ELF binaries can execute - better sanitychecking"
Next in thread: Christoph Hellwig: "Re: [PATCH][RFC] invalid ELF binaries can execute - better sanity checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I know of the document, but thank you for pointing it out, it's quite an
> interresting read. Actually, reading that exact document ages ago was what
> initially caused me to start reading the ELF loading code (thinking
> "there's got to be something wrong here").
> I've actually been planning to use some of the crazy stunts he pulls
> with that code as validity checks of the code I want to implement (in
> adition to specially tailored test-cases ofcourse).

I think this points to an 'issue', if we're going to increase the checks
in the ELF-loader (and thus increase the size of the minimal valid ELF
file we can load, thus effectively 'bloating' (lol) some programs) we
should probably allow some sort of direct binary executable files [i.e.
header 'XBIN386\0' followed by Read/Execute binary code to execute by
mapping as RX at any offset and jumping to offset 8] to allow writing
minimal executables. Minimalizing executables is useful for embedded
systems, portable devices, floppy distributions and ramdisk/initrd
situations. Sure many of these solve this problem by UPX compressing
busybox/crunchbox one-file-many-executables files, but it would still be
nice to be able to dump all the extra crud in some cases. Some of these
distributions already contain non-standards conforming ELF files. I have a
933 byte less and a 305 byte strings command on my initrd (taken from some
floppy distribution) which report "ERROR: Corrupted section header size"
via 'file *' and there is probably many many more out there. Is this
worth it? I don't know, in many ways this would be the COM to the ELF
EXE... the DOS analogy proves little though [note: I have no idea about
the a.out or COFF or whatever it's called format].

Cheers,
MaZe.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nigel Cunningham: "Re: Swapfiles broken on XFS."
Previous message: James Morris: "Re: [PATCH][SELINUX] 3/7 Add node controls"
In reply to: Jesper Juhl: "Re: [PATCH][RFC] invalid ELF binaries can execute - better sanitychecking"
Next in thread: Christoph Hellwig: "Re: [PATCH][RFC] invalid ELF binaries can execute - better sanity checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]