Message-Id: <83F0CF09-6257-4949-9332-E6990CFE14C7@dwheeler.com>
Date: Thu, 11 Jul 2024 12:55:41 -0400
From: "David A. Wheeler" <dwheeler@...eeler.com>
To: oss-security@...ts.openwall.com
Subject: Re: ASLRn't is still alive and well on x86 kernels,
 despite CVE-2024-26621 patch

Yves-Alexis Perez wrote in
> <6771f9536d49185fc8f1ea9905c13cf4dd8776d2.camel@...ian.org>:
> ...
> |mmap(NULL, 2097152, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 0, 0) = 0xf7df\
> |3000

On Jul 10, 2024, at 5:44 PM, Steffen Nurpmeso <steffen@...oden.eu> wrote:
> I thought on Linux MAP_DENYWRITE is actually an ignored flag.

I believe you're correct, but I believe what Yves-Alexis Perez is showing is the
flags that are being *passed* to the kernel (whether or not they DO anything).
Which is why there's a proposal to *make* MAP_DENYWRITE do something in this case.

My plea is that if this DOES start doing something, PLEASE document that ASAP
(including a note that it USED to be ignored). I fear that this security property
might, on some platforms, depend on a quiet undocumented change.

--- David A. Wheeler
