Re: [PATCH] New PT_GNU_COMPAT segment header extension

From: Ramon de C Valle
Date: Fri Jan 13 2012 - 08:56:15 EST


Hi,

This is a brief example of the behavior of the system I have been using for
some time already. For an ELF binary with the PT_GNU_STACK segment header and
the PF_X flag not set (i.e. the default), the following are its current
virtual memory mappings and their access permissions:

[rcvalle@Fedora-15-i386 ~]$ cat /proc/2253/maps
004e2000-004e3000 r-xp 00000000 00:00 0 [vdso]
08048000-08049000 r-xp 00000000 fd:02 926785 /home/rcvalle/a.out
08049000-0804a000 rw-p 00000000 fd:02 926785 /home/rcvalle/a.out
495c9000-495e8000 r-xp 00000000 fd:01 1971790 /lib/ld-2.13.90.so
495e8000-495e9000 r--p 0001f000 fd:01 1971790 /lib/ld-2.13.90.so
495e9000-495ea000 rw-p 00020000 fd:01 1971790 /lib/ld-2.13.90.so
495ec000-49774000 r-xp 00000000 fd:01 1971791 /lib/libc-2.13.90.so
49774000-49776000 r--p 00188000 fd:01 1971791 /lib/libc-2.13.90.so
49776000-49777000 rw-p 0018a000 fd:01 1971791 /lib/libc-2.13.90.so
49777000-4977a000 rw-p 00000000 00:00 0
b780c000-b780d000 rw-p 00000000 00:00 0
b7824000-b7825000 rw-p 00000000 00:00 0
bfdc3000-bfde4000 rw-p 00000000 00:00 0 [stack]
[rcvalle@Fedora-15-i386 ~]$

The following are its current virtual memory mappings and their access
permissions with the PT_GNU_STACK segment header and the PF_X flag unset:

[rcvalle@Fedora-15-i386 ~]$ cat /proc/2257/maps
00dcc000-00dcd000 r-xp 00000000 00:00 0 [vdso]
08048000-08049000 r-xp 00000000 fd:02 926825 /home/rcvalle/a.out
08049000-0804a000 rw-p 00000000 fd:02 926825 /home/rcvalle/a.out
495c9000-495e8000 r-xp 00000000 fd:01 1971790 /lib/ld-2.13.90.so
495e8000-495e9000 r--p 0001f000 fd:01 1971790 /lib/ld-2.13.90.so
495e9000-495ea000 rw-p 00020000 fd:01 1971790 /lib/ld-2.13.90.so
495ec000-49774000 r-xp 00000000 fd:01 1971791 /lib/libc-2.13.90.so
49774000-49776000 r--p 00188000 fd:01 1971791 /lib/libc-2.13.90.so
49776000-49777000 rw-p 0018a000 fd:01 1971791 /lib/libc-2.13.90.so
49777000-4977a000 rw-p 00000000 00:00 0
b7711000-b7712000 rw-p 00000000 00:00 0
b7729000-b772a000 rw-p 00000000 00:00 0
bfca7000-bfcc8000 rwxp 00000000 00:00 0 [stack]
[rcvalle@Fedora-15-i386 ~]$

The following are its current virtual memory mappings and their access
permissions with the PT_GNU_COMPAT segment header and the PF_X flag set:

[rcvalle@Fedora-15-i386 ~]$ cat /proc/2349/maps
00850000-00851000 r-xp 00000000 00:00 0 [vdso]
00d29000-00d2a000 rwxp 00000000 00:00 0
00fd2000-00fd3000 rwxp 00000000 00:00 0
08048000-08049000 r-xp 00000000 fd:02 926785 /home/rcvalle/a.out
08049000-0804a000 rwxp 00000000 fd:02 926785 /home/rcvalle/a.out
495c9000-495e8000 r-xp 00000000 fd:01 1971790 /lib/ld-2.13.90.so
495e8000-495e9000 r-xp 0001f000 fd:01 1971790 /lib/ld-2.13.90.so
495e9000-495ea000 rwxp 00020000 fd:01 1971790 /lib/ld-2.13.90.so
495ec000-49774000 r-xp 00000000 fd:01 1971791 /lib/libc-2.13.90.so
49774000-49776000 r-xp 00188000 fd:01 1971791 /lib/libc-2.13.90.so
49776000-49777000 rwxp 0018a000 fd:01 1971791 /lib/libc-2.13.90.so
49777000-4977a000 rwxp 00000000 00:00 0
bfd2b000-bfd4c000 rwxp 00000000 00:00 0 [stack]
[rcvalle@Fedora-15-i386 ~]$

Notice the difference between its current virtual memory mappings and
their access permissions with the PT_GNU_STACK segment header and the PF_X
flag unset and their access permissions with the PT_GNU_COMPAT segment
header and the PF_X flag set. The latter is the current behavior of the
Linux kernel for any ELF binary with the PT_GNU_STACK segment header and the
PF_X flag unset (i.e. all its virtual memory mappings are executable).

Any comments about these patches would be greatly appreciated.

Thanks,


--
Ramon de C Valle / Red Hat Security Response Team
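An added example, not part of the original message or the patch: a small audit of /proc/<pid>/maps text that reports writable+executable mappings, an executable stack, and the "every readable mapping is executable" pattern visible in the third dump. The function names and result keys are assumptions made for this illustration; the sample lines are copied from the dumps above.

```python
import re
from typing import NamedTuple

class Mapping(NamedTuple):
    start: int
    end: int
    perms: str   # e.g. "rwxp"
    path: str    # "" for anonymous mappings

# Fields: address range, perms, offset, dev, inode, optional path
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+"
    r"[0-9a-f]+\s+\S+\s+\d+\s*(.*)$")

# Lines copied from the /proc/2253/maps and /proc/2349/maps dumps in the message.
MAPS_2253 = """\
004e2000-004e3000 r-xp 00000000 00:00 0 [vdso]
08048000-08049000 r-xp 00000000 fd:02 926785 /home/rcvalle/a.out
08049000-0804a000 rw-p 00000000 fd:02 926785 /home/rcvalle/a.out
495e8000-495e9000 r--p 0001f000 fd:01 1971790 /lib/ld-2.13.90.so
bfdc3000-bfde4000 rw-p 00000000 00:00 0 [stack]
"""
MAPS_2349 = """\
00850000-00851000 r-xp 00000000 00:00 0 [vdso]
00d29000-00d2a000 rwxp 00000000 00:00 0
08048000-08049000 r-xp 00000000 fd:02 926785 /home/rcvalle/a.out
08049000-0804a000 rwxp 00000000 fd:02 926785 /home/rcvalle/a.out
bfd2b000-bfd4c000 rwxp 00000000 00:00 0 [stack]
"""

def parse_maps(text):
    """Parse maps text, skipping shell prompts and other non-mapping lines."""
    found = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            found.append(Mapping(int(m[1], 16), int(m[2], 16), m[3], m[4].strip()))
    return found

def audit(text):
    """Summarise the executable-permission posture of one process."""
    maps = parse_maps(text)
    readable = [m for m in maps if m.perms[0] == "r"]
    return {
        "wx": [m for m in maps if "w" in m.perms and "x" in m.perms],
        "exec_stack": any(m.path == "[stack]" and "x" in m.perms for m in maps),
        "all_readable_exec": bool(readable) and all("x" in m.perms for m in readable),
    }

if __name__ == "__main__":
    for name, text in (("2253", MAPS_2253), ("2349", MAPS_2349)):
        r = audit(text)
        print(name, "W+X:", len(r["wx"]), "exec stack:", r["exec_stack"],
              "all readable exec:", r["all_readable_exec"])
```

Fed the middle dump (pid 2257), the same audit reports only the stack as W+X, which separates an executable stack from the case where every mapping is executable.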