Re: [PATCH] x86_64: Disabling read-implies-exec when the stack is executable
From: Kees Cook
Date: Thu Apr 18 2019 - 10:37:35 EST
On Thu, Apr 18, 2019 at 9:15 AM Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> I have the opposite question: who cares if we have NX? On a CPU without NX, read implies exec, full stop. Why should nasty personality stuff matter at all? The personality stuff is about supporting old crufty binaries.
>
> So: are there old 64-bit binaries that have their stacks marked RX that expect mmap to automatically return X memory? If so, then the patch is a problem. If not, then maybe the patch is okay.
That's what I'm wondering too. (Though remember that ia32 PAE has NX,
so it's also 32-bit binaries.) The matrix I have in my head is:
CPU: | lacks NX | has NX |
ELF: | | |
--------------------------------------------------------|
missing GNU_STACK | doesn't matter | needs RIE |
GNU_STACK == RWX | doesn't matter | needs only stack X | *
GNU_STACK == RW | doesn't matter | needs stack NX |
(hopefully gmail doesn't mangle this whitespace)
The "*" line here is the question. The question is "when does
GNU_STACK == RWX also mean all mmaps must be X?" If it's only on ia32,
okay, fine we can adjust it, but why is it only an issue for ia32
toolchains? If it's a non-issue, then the above logic stands.
> All that being said, the comment in the patch seems to be highly misleading. If the patch is to be applied, the comment needs serious work.
Yes, absolutely. (I'd include the chart above, for example...)
--
Kees Cook