oss-sec mailing list archives

Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch


From: "David A. Wheeler" <dwheeler () dwheeler com>
Date: Thu, 11 Jul 2024 12:55:41 -0400

Yves-Alexis Perez wrote in
<6771f9536d49185fc8f1ea9905c13cf4dd8776d2.camel () debian org>:
...
|mmap(NULL, 2097152, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 0, 0) = 0xf7df\
|3000

On Jul 10, 2024, at 5:44 PM, Steffen Nurpmeso <steffen () sdaoden eu> wrote:
> I thought on Linux MAP_DENYWRITE is actually an ignored flag.

I believe you're correct, but I believe what Yves-Alexis Perez is showing is the
flags that are being *passed* to the kernel (whether or not they DO anything).
Which is why there's a proposal to *make* MAP_DENYWRITE do something in this case.

My plea is that if this DOES start doing something, PLEASE document that ASAP
(including a note that it USED to be ignored). I fear that this security property
might, on some platforms, depend on a quiet undocumented change.

--- David A. Wheeler

