JIT breaks on feather3

mark.a.biggar at comcast.net mark.a.biggar at comcast.net
Wed Dec 3 16:13:16 UTC 2008


This looks like someone did a quick hack to prevent a buffer overflow attack 
on feather3.

--
Mark Biggar
mark at biggar.org
mark.a.biggar at comcast.net
mbiggar at paypal.com

 -------------- Original message ----------------------
From: Geoffrey Broadwell <geoff at broadwell.org>
> On Wed, 2008-12-03 at 06:40 -0800, Mark Glines wrote:
> > chromatic wrote:
> > > On Tuesday 02 December 2008 22:27:15 Mark Glines wrote:
> > > 
> > >> Kevin mentioned that parrot is using mprotect() to explicitly ask glibc
> > >> to make this memory executable.  Since it isn't, that possibly makes
> > >> this a glibc bug.  Either way, this seems like the sort of issue which
> > >> would keep cropping up in weird ways, unless we could detect/prevent it
> > >> somehow.
> > >>
> > >> So, List, does anyone happen to know why processes under screen have
> > >> non-executable stacks?  Or possibly a bash shopt or ulimit or dropped
> > >> privilege or somesuch?
> > > 
> > > SELinux or GCC stack protection might also do this (though I'm not *sure* of 
> > > the latter).
> > 
> > Yeah, that would make sense.  This is the heap, not the stack, but the 
> > same issues and motivations would apply.
> > 
> > The weird thing is how selective it is.  GCC stack protection should 
> > affect all binaries compiled with that version of GCC, but here, the 
> > same binary behaves in different ways depending on whether you run it 
> > from within screen.  That sounds crazy to me.
> 
> Perhaps some security option is being set based on not having a "real"
> tty?
> 
> > So it seems like something environmental.  And I did tweak %ENV so they 
> > were as close to identical as possible, basically everything except 
> > $ENV{PPID} (which is readonly for bash).  That had no effect.
> > 
> > If it helps, feather3 is a virtual machine running Debian lenny/sid, 
> > kernel 2.6.18-6-xen-686, and libc6 version 2.7-15.
> 
> That's a pretty old kernel (from the previous stable release).  My
> Debian lenny/sid system reports a 2.6.26 kernel, and according to
> apt-cache linux-image-2.6-xen-686 is up to 2.6.26+16.  I'm not sure it
> makes a big difference, but Xen is developed fairly rapidly so there
> might be fixes to memory protection bits in between 2.6.18 and 2.6.26.
> 
> 
> -'f
> 
> 
> _______________________________________________
> http://lists.parrot.org/mailman/listinfo/parrot-dev



More information about the parrot-dev mailing list