Bug#514288: marked as done (stock debian kernels map heap, data, and other sections as rwx)
Your message dated Sun, 30 Aug 2009 23:36:44 +0200
with message-id <20090830213644.GA9233@galadriel.inutil.org>
and subject line Re: Bug#514288: stock debian kernels map heap, data, and other sections as rwx
has caused the Debian Bug report #514288,
regarding stock debian kernels map heap, data, and other sections as rwx
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
514288: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514288
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: stock debian kernels map heap, data, and other sections as rwx
- From: tgo <tgotelnet@yahoo.com>
- Date: Thu, 5 Feb 2009 15:44:18 -0800 (PST)
- Message-id: <870012.16970.qm@web39708.mail.mud.yahoo.com>
Package: linux-image-2.6.24-e
Version: 2.6.24-6~etchnhalf.7
On both vmlinuz-2.6.18-5-686 and vmlinuz-2.6.24-etchnhalf.1-686 kernels, the debian system maps the heap, binary data, and other data sections as rwx, instead of the normal and sensible rw-.
Examples:
----
grep rwx /proc/1/maps
08050000-08051000 rwxp 00007000 08:01 48968 /sbin/init
08051000-08072000 rwxp 08051000 00:00 0 [heap]
b7d88000-b7d89000 rwxp b7d88000 00:00
0
b7d8b000-b7d8d000 rwxp 00001000 08:01 375948 /lib/tls/i686/cmov/libdl-2.3.6.so
b7eb9000-b7ebb000 rwxp 0012c000 08:01 375945 /lib/tls/i686/cmov/libc-2.3.6.so
b7ebb000-b7ebf000 rwxp b7ebb000 00:00 0
b7ed2000-b7ed4000 rwxp 00012000 08:01
359138 /lib/libselinux.so.1
b7f0a000-b7f0b000 rwxp 00035000 08:01 359139 /lib/libsepol.so.1
b7f0b000-b7f15000 rwxp b7f0b000 00:00 0
b7f19000-b7f1b000 rwxp b7f19000 00:00 0
b7f30000-b7f32000 rwxp 00014000 08:01 360971 /lib/ld-2.3.6.so
------
pidof sshd
2807 2804 2692
debian-vmware:/home/x# grep -c rwx /proc/2807/maps
44
It seems incorrect and also very bad from a security standpoint to have this behavior. I am aware that the kernel does not ask for these mappings to be created, but it also should enforce some sort of W^X behavior. The loader or whichever userland application that asks for the mappings should also be alterted to follow the normal memory permission standards.
--- End Message ---
--- Begin Message ---
- To: 514288-done@bugs.debian.org
- Cc: tgo <tgotelnet@yahoo.com>
- Subject: Re: Bug#514288: stock debian kernels map heap, data, and other sections as rwx
- From: Moritz Muehlenhoff <jmm@inutil.org>
- Date: Sun, 30 Aug 2009 23:36:44 +0200
- Message-id: <20090830213644.GA9233@galadriel.inutil.org>
- In-reply-to: <1234143053.2869.32.camel@hashbaz.i.decadent.org.uk>
- References: <870012.16970.qm@web39708.mail.mud.yahoo.com> <1234143053.2869.32.camel@hashbaz.i.decadent.org.uk>
On Mon, Feb 09, 2009 at 01:30:53AM +0000, Ben Hutchings wrote:
> On Thu, 2009-02-05 at 15:44 -0800, tgo wrote:
> > Package: linux-image-2.6.24-e
> > Version: 2.6.24-6~etchnhalf.7
> > On both vmlinuz-2.6.18-5-686 and vmlinuz-2.6.24-etchnhalf.1-686
> > kernels, the debian system maps the heap, binary data, and other data
> > sections as rwx, instead of the normal and sensible rw-.
>
> This is a hardware limitation of i386 page tables - these permissions
> cannot be set independently.
>
> To overcome this limitation, you need a kernel that uses PAE page tables
> (-686-bigmem or -amd64 flavour) and a processor that supports the "NX"
> flag (look for "nx" on the "flags" line in /proc/cpuinfo").
Closing the bug.
Cheers,
Moritz
--- End Message ---
Reply to: