Re: [PATCH] stronger ELF sanity checks v2

[Eric W. Biederman]

Aaron Lehmann <aaronl@xxxxxxxxxxx> writes:

> On Tue, Jan 13, 2004 at 02:55:07AM +0100, Jesper Juhl wrote:
> > Here's the second version of my patch to add better sanity checks for
> > binfmt_elf
> 
> I assume this breaks Brian Raiter's tiny ELF executables[1]. 

Hmm. I would expect most of the to continue to work because they
are valid.  The only problem I see is when he starts scrunching
things together by changing the value of fields that have a specified
meaning.

> Even
> though these binaries are evil hacks that don't comply to standards
> and serve no serious purpose, I'm not sure what the purpose of the
> sanity checks is. Are there any risks associated with running
> non-compliant ELF executables? 

Sanity checks are always good for future compatibility so someone does
not come to rely on your bugs.  This is less of a problem in linux than
in some systems but still.  This is the primary reason cpus have undefined
opcode exceptions for example.

> (Now that I mention it, the
> proof-of-concept exploit for the brk() hole comes to mind, but I don't
> know offhand if that did anything against the spec.) I don't mean to
> question the usefulness of your work, especially as I don't know much
> about ELF, but I'm personally curious about why you think additional
> sanity checks are worth a slight increase in code complexity.

That was my impression as well.  Increasing the complexity of the
if statements when goto's are already in use seems silly.

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/