oss-sec mailing list archives
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions
From: Jordan Glover <Golden_Miller83 () protonmail ch>
Date: Wed, 24 Oct 2018 14:30:36 +0000
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, October 23, 2018 3:35 PM, Solar Designer <solar () openwall com> wrote:
Here's a list of maybe-actionable items I came up with in response to Webroot's findings/reminder:

1. More distros should start checking for executable stacks in program binaries at package build time, and error out when this is unexpected.

2. On Linux, we might want to have an enforcing mode (or several sub-modes) in the kernel, where it'd keep the stack non-executable (and possibly enforce W^X for other mappings as well), ignoring any flags in the program binaries. I encouraged Vasiliy Kulikov to implement that when he worked with us under GSoC 2011 on Linux kernel hardening tasks. Here's the relevant thread, including a kernel patch:

https://www.openwall.com/lists/kernel-hardening/2011/07/18/8

For GCC trampolines to continue working, we can implement emulation of the trampoline instructions like I introduced in -ow patches for 2.2.x and like it's done in PaX/grsecurity. Vasiliy's patch includes that (using code from PaX). IIRC, we never actually submitted this upstream. Maybe the current kernel hardening project (KSPP) should take and complete this effort.
There is S.A.R.A LSM[0] proposed by Salvatore Mesoraca, with the aim of upstreaming it to the mainline kernel when the needed infrastructure for it is ready.

[0] https://sara.smeso.it/en/latest/

Jordan
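Item 1 of the quoted list (rejecting packages whose binaries request an executable stack) as an added Python example; this is not code from the thread or from any distribution's build tooling. It reads PT_GNU_STACK straight from the ELF program headers, so it needs no readelf, handles both ELF32 and ELF64, and treats a missing PT_GNU_STACK as executable because that is the x86 Linux loader default; make_elf64 builds a constructed image used only to exercise the check.

```python
"""Build-time check: flag ELF binaries whose PT_GNU_STACK header asks for an executable stack."""
import struct, sys
from pathlib import Path

PT_GNU_STACK = 0x6474E551  # GNU program header carrying the requested stack permissions
PF_X = 0x1                  # segment flag: executable

def stack_is_executable(data: bytes) -> bool:
    """True if this ELF image would get an executable stack: PF_X on PT_GNU_STACK
    (what GCC emits for nested-function trampolines), or no PT_GNU_STACK at all,
    which on x86 Linux also means the loader defaults to an executable stack."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little-endian, 2 = big-endian
    if data[4] == 2:                     # EI_CLASS: 2 = ELF64
        (phoff,) = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        flags_off = 4                    # p_flags directly follows p_type in Elf64_Phdr
    else:                                # ELF32
        (phoff,) = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        flags_off = 24                   # p_flags is the seventh field in Elf32_Phdr
    for i in range(phnum):
        base = phoff + i * phentsize
        (p_type,) = struct.unpack_from(end + "I", data, base)
        if p_type == PT_GNU_STACK:
            (p_flags,) = struct.unpack_from(end + "I", data, base + flags_off)
            return bool(p_flags & PF_X)
    return True

def scan(paths):
    """Paths that would get an executable stack; a non-empty result should fail the package build."""
    return [p for p in paths if stack_is_executable(Path(p).read_bytes())]

def make_elf64(stack_flags=None) -> bytes:
    """Constructed minimal ELF64 image for the demo, not a real binary: one PT_GNU_STACK
    header with the given p_flags, or no program headers at all when stack_flags is None."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    phnum = 0 if stack_flags is None else 1
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    if stack_flags is None:
        return ehdr
    return ehdr + struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0x10)

if __name__ == "__main__":
    hits = scan(sys.argv[1:])            # e.g. every ELF file in the package's install tree
    for path in hits:
        print("executable stack:", path)
    sys.exit(1 if hits else 0)
```

Packages that legitimately need an executable stack can be whitelisted in front of scan(); everything else should fail the build until the offending object is found (readelf -lW shows the same GNU_STACK line per binary).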