Re: [PATCH] x86_64: Disabling read-implies-exec when the stack is executable
From: Ingo Molnar
Date: Mon May 16 2016 - 06:58:15 EST
* Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> On Wed, May 11, 2016 at 3:45 AM, Hector Marco-Gisbert <hecmargi@xxxxxx> wrote:
> > The READ_IMPLIES_EXEC personality was removed in 2005 for 64-bit processes,
> > (commit a3cc2546a54361b86b73557df5b85c4fc3fc27c3 form history.git).
> >
> > But it's still possible to have all readable areas with EXEC permissions by
> > setting the stack as executable in 64-bit ELF executables (also in 32-bit).
>
> My memory is fuzzy here, but IIRC, RIE is needed for loading binaries
> that have no concept of no-exec permissions. In those cases, there's
> no way to tell if the process expected to need execute permissions in
> arbitrary memory regions.
>
> > This is because the macro elf_read_implies_exec() does not distinguish
> > between 32 and 64-bit executables: when the stack is executable then the
> > read-implies-exec personality is set (enabled) to the process.
>
> However, I would tend to agree: RIE should only be needed on 32-bit
> since 64-bit started its life knowing about no-exec permissions.
>
> set_personality_64bit()'s (which is confusingly just an initializer
> and not called during the personality() syscall) comment about this
> makes no sense to me:
>
> /* TBD: overwrites user setup. Should have two bits.
> But 64bit processes have always behaved this way,
> so it's not too bad. The main problem is just that
> 32bit childs are affected again. */
> current->personality &= ~READ_IMPLIES_EXEC;
JFYI, that obfuscated comment was added over a decade ago to the x86_64 tree, see
the commit from the historic git tree attached below.
Thanks,
Ingo
=================>