From: mail@horotw.com
To: Matthew Wilcox <willy@infradead.org>
Cc: linux-hardening@vger.kernel.org, Jakub Wilk <jwilk@jwilk.net>,
Salvatore Bonaccorso <carnil@debian.org>,
Linux Memory Management List <linux-mm@kvack.org>,
William Kucharski <william.kucharski@oracle.com>
Subject: Re: Limited/Broken functionality of ASLR for Libs >= 2MB
Date: Mon, 15 Jan 2024 19:21:19 +0100 [thread overview]
Message-ID: <07c348caaf6b4c457ab4b452f53ed048@horotw.com> (raw)
In-Reply-To: <ZaVi4ij0jgEz+isx@casper.infradead.org>
Am 15.01.2024 17:52, schrieb Matthew Wilcox:
> On Mon, Jan 15, 2024 at 04:40:36PM +0000, Sam James wrote:
>> mail@horotw.com writes:
>> > Hey, I read that ASLR is currently (since kernel >=5.18) broken for
>> > 32bit libs and reduced in effectiveness for 64bit libs... (the issue
>> > only arises if a lib is over 2MB).
>> > I confirmed this for myself but only for the 64bit case.
>> >
>> > I saw that this issue is being tracked by ubuntu
>> > (https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1983357).
>> > If this is the wrong place and I should instead report it elsewhere I
>> > am very sorry.
>>
>> See also https://bugs.debian.org/1024149. Unfortunately, I don't
>> think the issue found its way upstream until now (thanks).
>>
>> CCing relevant maintainers (per the Debian bug).
>
> You know, my email address is all over that commit and the doofus who
> "discovered the vulnerability" didn't even have the courtesy to let
> me know. I've had several private emails about this over the last few
> days and I just don't care. Who's running 32-bit code and cares about
> security? 32-bit kernels are known-vulnerable to all kinds of security
> problems, and I think this is the least of your worries.
>
> This was intended to happen, it's not a surprise.
Hi,
first of all I am very sorry, I didn't realize I should have contacted
you
first (I'm not the one who found the bug initially), I will do it
differently in the future.
Unfortunately, my knowledge is not sufficient to judge how bad it is
that
32bit effectively has no ASLR support anymore.
64bit is also affected, even though there are probably more than enough
bits left there? I have since seen that both Arch and Ubuntu seem to
have
"patches" in place
(https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/commit/3904bcb32cc58c10232fb618bf96c1b43b0bc9d7)
in which they set the `CONFIG_ARCH_MMAP_RND_BITS=32` and
`CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16`, I'm not sure if this is a good
result or if it will cause other problems.
Again, I apologize if I caused any inconvenience.
next prev parent reply other threads:[~2024-01-15 18:21 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <69fa6015256613ed10aee996e181ebd4@horotw.com>
2024-01-15 16:40 ` Sam James
2024-01-15 16:52 ` Matthew Wilcox
2024-01-15 18:21 ` mail [this message]
2024-01-15 20:46 ` Matthew Wilcox
2024-01-16 8:09 ` Ard Biesheuvel
2024-01-23 22:35 ` Kees Cook
2024-01-24 1:04 ` Yang Shi
2024-01-24 16:08 ` Kees Cook
2024-01-22 9:48 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=07c348caaf6b4c457ab4b452f53ed048@horotw.com \
--to=mail@horotw.com \
--cc=carnil@debian.org \
--cc=jwilk@jwilk.net \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=william.kucharski@oracle.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox