[uml-devel] [Pkg-uml-devel] Are you aware to 386945 and lkml
0609.2/1537.html
Blaisorblade
blaisorblade at yahoo.it
Fri Nov 17 23:09:51 CET 2006
On Sunday 12 November 2006 23:43, Stefano Melchior wrote:
> On Wed, Nov 08, 2006 at 09:19:24AM +0100, Stefano Melchior wrote:
> Dear UML developer,
> it was reported by Debian users that the new convention in sysvinit
> package to prevent shm to be exec breaks some application.
> For this moment, I mean in order to allow the upcoming stable release
> Etch to be released, the changes to the package were reverted only to
> avoid dosemu and u-m-l package related not to be broken.
>
> As mentioned in the following mail [*], it would be possible to provide a
> kernel side support for this sysvinit security need: the patch linked at
> the
>
> http://uwsg.iu.edu/hypermail/linux/kernel/0609.2/1537.html
>
> can come in help.
Yes, the reasoning of that patch seems correct, and merging it would fix the
problem also IMHO. I've just looked at reasoning behind patch refusal.
I've followed the link on the email, and found the containing thread. Reading
the thread from this point onwards may explain a bit more:
http://marc.theaimsgroup.com/?l=full-disclosure&m=107451398723595&w=2
So, allowing /lib/ld-linux.so.2 /tmp/foo to work is bad (right) and that
questionable patch to fix it was merged. A more proper patch would be needed
to fix that.
One of the strongest technical reasons for the patch to do that is that
mapping with PROT_READ and remapping with PROT_EXEC is allowed.
However, this also shows a possible horrible workaround for both UML and
dosemu, i.e. exploiting this missing check.
Both trivial to implement and kludgy to do. What do you think?
> Would it be possible to manage this issue/need in order
> to introduce this patch in the kernel?
We can fix this issue by trying to merge the patch, if you mean this (I do not
understand well your sentence), but it seems difficult to merge it.
> What do you think it would be good to fix this issue?
> Thank you in advance
>
> SteX
>
> [*]
>
> > On Wed, Nov 08, 2006 at 01:57:36AM +0200, shaulka at 012.net.il wrote:
> > Dear,
> >
> > > I can't run rootstrap. I believe the reason is
> > >
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=386945
> > >
> > > Just want to make sure you are aware of that.
> > >
> > > While searching about it, I came across
> > > http://uwsg.iu.edu/hypermail/linux/kernel/0609.2/1537.html.
> >
> > please, have a look at the #396506 which reported the same question, and
> > Mattia answered that it was already fixed in "sysvinit-2.86.ds1-28". This
> > should be ready for etch.
--
Inform me of my mistakes, so I can add them to my list!
Paolo Giarrusso, aka Blaisorblade
http://www.user-mode-linux.org/~blaisorblade
Chiacchiera con i tuoi amici in tempo reale!
http://it.yahoo.com/mail_it/foot/*http://it.messenger.yahoo.com
More information about the Pkg-uml-devel
mailing list