diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-02 08:35:51 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-02 08:35:51 +0000 |
commit | 0407e45a283ccf781eea4aed24703cec49a721f9 (patch) | |
tree | 65f7db1b9e25010530baf0928bfb8d4b9e921aaf /main/linux-grsec | |
parent | 562765e842b43133319b1f084f0479ba4843abbe (diff) | |
download | aports-0407e45a283ccf781eea4aed24703cec49a721f9.tar.bz2 aports-0407e45a283ccf781eea4aed24703cec49a721f9.tar.xz |
main/linux-grsec: fix memory map for PIE applications (when randmmap is disabled)
Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-grsec/fix-memory-map-for-PIE-applications.patch | 68 |
2 files changed, 73 insertions, 1 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 318e2c087f..926baa84c2 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -7,7 +7,7 @@ case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -25,6 +25,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch + fix-memory-map-for-PIE-applications.patch kernelconfig.x86 kernelconfig.x86_64 @@ -157,6 +158,7 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p 2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch 6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch +6564cb3165cdf3d0dc0910251d62fd62 fix-memory-map-for-PIE-applications.patch 866e6c4daed45d563829804f8ad50ed9 kernelconfig.x86 272aaddd0a19a5052208bc25551995a3 kernelconfig.x86_64" sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz @@ -168,6 +170,7 @@ dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush 260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch +090e3e8ebcf0f8649042e1b8411722c9ee77e2da111ff84a2ed1d379f0266415 fix-memory-map-for-PIE-applications.patch 7fd28634998ef1fddafed5f2516e902924245d2464b9e86476bfaa55ccfc3bc3 kernelconfig.x86 f2843ae4f9b3e3c27f3138ce4b740c2803bdab0c7a910c662d951843803b9554 kernelconfig.x86_64" sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz @@ -179,5 +182,6 @@ sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504d d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch +101aec800e6390f2dee26b496a033b325fb00108e72fc01b3cf6719b1d256526fbc8e7448b3a06b03ce02233b86703f1f2f31267c8e1a7f28a8f47235eaa0b4a fix-memory-map-for-PIE-applications.patch 1721542ff111c8ec550323dae6f6174131db180668cbf14f01dc4c76ffbbb479715919a80c35d8c8ac22a6479dd3b42700be6ddc5ef2a8b6a62de811c7ae86df kernelconfig.x86 d49bf57bd0aae17d762d87d5bf983e48219d71ca44bc0c3120db94d357192c07146a8938cef9d435218e4bb748691ec426387545837be637d47e45cdc4482d71 kernelconfig.x86_64" diff --git a/main/linux-grsec/fix-memory-map-for-PIE-applications.patch b/main/linux-grsec/fix-memory-map-for-PIE-applications.patch new file mode 100644 index 0000000000..0ef81cf93f --- /dev/null +++ b/main/linux-grsec/fix-memory-map-for-PIE-applications.patch @@ -0,0 +1,68 @@ +From 21f973f87f480e3d24f1cb6c22b71253d25a3ea1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Tue, 1 Oct 2013 13:46:04 +0300 +Subject: [PATCH 3.10-grsec] fs/binfmt_elf: fix memory map for PIE applications +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +arch/*/include/asm/elf.h comments say: + ELF_ET_DYN_BASE is the location that an ET_DYN program is loaded + if exec'ed. Typical use of this is to invoke "./ld.so someprog" + to test out a new version of the loader. We need to make sure + that it is out of the way of the program that it will "exec", + and that there is sufficient room for the brk. + +In case we have main application linked as PIE, this can cause +problems as the main program itself is being loaded to this +alternate address. And this allows limited heap size. While +this is inevitable when exec'ing the interpreter directly, +we should do better for PIE applications. + +This fixes the loader to detect PIE application by checking if +elf_interpreter is requested. This images are loaded to beginning +of the address space instead of the specially crafted place for elf +interpreter. This allows full heap address space for PIE applications +and fixes random "out of memory" errors. + +Signed-off-by: Timo Teräs <timo.teras@iki.fi> +--- + fs/binfmt_elf.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c +index 6f036ed..06419af 100644 +--- a/fs/binfmt_elf.c ++++ b/fs/binfmt_elf.c +@@ -1217,21 +1217,19 @@ static int load_elf_binary(struct linux_binprm *bprm) + * default mmap base, as well as whatever program they + * might try to exec. This is because the brk will + * follow the loader, and is not movable. */ ++ if (elf_interpreter) ++ load_bias = 0x00400000UL; ++ else ++ load_bias = ELF_ET_DYN_BASE; + #ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE + /* Memory randomization might have been switched off + * in runtime via sysctl or explicit setting of + * personality flags. +- * If that is the case, retain the original non-zero +- * load_bias value in order to establish proper +- * non-randomized mappings. + */ + if (current->flags & PF_RANDOMIZE) +- load_bias = 0; +- else +- load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); +-#else +- load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); ++ load_bias = (get_random_int() & STACK_RND_MASK) << PAGE_SHIFT; + #endif ++ load_bias = ELF_PAGESTART(vaddr + load_bias); + + #ifdef CONFIG_PAX_RANDMMAP + /* PaX: randomize base address at the default exe base if requested */ +-- +1.8.4 + + |