Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20170610122610.GQ1627@brightrain.aerifal.cx>
Date: Sat, 10 Jun 2017 08:26:10 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: a possible need for MAP_FIXED in ldso/dynlink.c ?

On Sat, Jun 10, 2017 at 12:51:51PM +0200, u-uy74@...ey.se wrote:
> Hello,
> 
> Running musl-based (1.1.16) Linux binaries (i386) under Linux ABI
> on FreeBSD (11.0-RELEASE amd64), with explicit use of the loader like
>  /..../libc.so --library-path <something> <prog> <args>
> fails when mmap() returns a different address than requested
> which is rejected by the musl loader when mapping the executable:
> "Not a valid dynamic program",
> due to:
>         map = ....
>                 : mmap((void *)addr_min, map_len, prot,
>                         MAP_PRIVATE, fd, off_start);
>  ...
>         /* If the loaded file is not relocatable and the requested address is
>          * not available, then the load operation must fail. */
>         if (eh->e_type != ET_DYN && addr_min && map!=(void *)addr_min) {
>                 errno = EBUSY;
>                 goto error;
>  ...
> 
> mmap() returning a different address does not necessarily mean that
> the requested one is not available.
> 
> I wonder whether adding MAP_FIXED to MAP_PRIVATE above would be a
> useful approach (conditionally on eh->e_type==ET_EXEC ?).
> 
> Adding the MAP_FIXED flag, both conditionally or not, seems to work
> around the particular problem but I am unsure about all its implications
> and consequences, among others under the current Linux implementation
> of the Lunux ABI.

Use of MAP_FIXED with a memory range you don't already own is an
invalid and unsafe operation. You may end up mapping over top of
yourself, even. Implementations should honor the requested address
passed to mmap and only fail to provide it if it's already in use.

Basically MAP_FIXED is analogous to dup2, and mmap with a preferred
address but no MAP_FIXED is analogous to fcntl F_DUPFD. Breaking the
latter is popular among security snakeoil products but really has no
benefits, since applications that don't have a reason for requesting a
particular address should, and do, pass 0 as the request.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.