Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch

[Jacob Bachmeyer <jcb62281 () gmail com>]

Steffen Nurpmeso wrote:
> [...]
>
> Some findings:
>   . I note that the mentioned files are writable by only root (and
>   i would assume MAP_DENYWRITE to only work if i could do so
>   myself).
>   

I believe that most executables are writable only by root, but available 
to unprivileged users.  Since the purpose of MAP_DENYWRITE seems to have 
been ensuring that executables cannot change out from underneath running 
programs, it would need to work when unprivileged users map the file; 
thus the DoS problem.

>   . Capabilities have become more fine-grained.
>   . I always whimper when i have to rm(1) a running executable before
>   placing an updated variant on Linux, on BSDs i simply over-cp(1)
>   (and i do not understand as long as one gets either the one or
>   the other when executing the path).
>   
Simple solution:
   - write the new executable under a temporary name
   - use link(2) to create a new name for the existing executable
   - use rename(2) to atomically replace the existing executable
   - use unlink(2) to remove the old version after any needed checks

You can dispense with link(2) and unlink(2) if you do not want to 
preserve a backup of the old executable.  Using this method will change 
the executable's inode number (meaning that it really is a different 
file) and that means that the old version can remain on disk for as long 
as it remains in use, even after its last name has been removed.


-- Jacob