Re: get_arg_page() && ptr_size accounting
From: Oleg Nesterov
Date: Tue Sep 11 2018 - 11:25:38 EST

On 09/10, Kees Cook wrote:
>
> On Mon, Sep 10, 2018 at 10:21 AM, Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
>
> > Could you explain what this patch actually prevents? Especially
> > now that we have stack_guard_gap?
>
> One of the many Stack Clash abuses was that it was possible to jump
> over the stack gap with outrageous environment variables that got
> expanded in stupid ways by, IIRC, glibc or the dynamic linker. The
> point here was to be defensive in the face of future weaknesses, and
> try to be robust in the face of crazy execs but workable under normal
> (but large) execs.

IOW, unlimited arg size makes many interesting attacks possible.

This is clear, I was confused because I thought this patch fixes some
particular problem not explained in the changelog.

Thanks,
Oleg.