diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-02 07:40:13 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-02 11:53:34 +0000 |
commit | 51c2dd402a67512c6c21567ee76c81eb73ef1b64 (patch) | |
tree | d014a73530bd84489eb50120e600f4c86f3fa072 | |
parent | 918a9cd5b3fa24ad3890ec8992db5bf26fe4818c (diff) | |
download | alpine_aports-51c2dd402a67512c6c21567ee76c81eb73ef1b64.tar.bz2 alpine_aports-51c2dd402a67512c6c21567ee76c81eb73ef1b64.tar.xz alpine_aports-51c2dd402a67512c6c21567ee76c81eb73ef1b64.zip |
main/linux-vserver: fix memory map on PIE executables
(cherry picked from commit 543ea1b7436f575c6125a8b33b2547e9bbcc2a39)
-rw-r--r-- | main/linux-vserver/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-vserver/aslr-pie.patch | 68 |
2 files changed, 73 insertions, 1 deletions
diff --git a/main/linux-vserver/APKBUILD b/main/linux-vserver/APKBUILD index f65f98e2c5..08e3dfa3f5 100644 --- a/main/linux-vserver/APKBUILD +++ b/main/linux-vserver/APKBUILD | |||
@@ -3,7 +3,7 @@ | |||
3 | _flavor=vserver | 3 | _flavor=vserver |
4 | pkgname=linux-${_flavor} | 4 | pkgname=linux-${_flavor} |
5 | pkgver=3.4.63 | 5 | pkgver=3.4.63 |
6 | pkgrel=0 | 6 | pkgrel=1 |
7 | _vsver=vs2.3.3.9 | 7 | _vsver=vs2.3.3.9 |
8 | 8 | ||
9 | if [ "${pkgver##*.*.*}" = "$pkgver" ]; then | 9 | if [ "${pkgver##*.*.*}" = "$pkgver" ]; then |
@@ -22,6 +22,7 @@ install= | |||
22 | source="http://www.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz | 22 | source="http://www.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz |
23 | http://www.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz | 23 | http://www.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz |
24 | patch-$pkgver-$_vsver.diff | 24 | patch-$pkgver-$_vsver.diff |
25 | aslr-pie.patch | ||
25 | kernelconfig.x86 | 26 | kernelconfig.x86 |
26 | kernelconfig.x86_64 | 27 | kernelconfig.x86_64 |
27 | " | 28 | " |
@@ -138,15 +139,18 @@ dev() { | |||
138 | md5sums="967f72983655e2479f951195953e8480 linux-3.4.tar.xz | 139 | md5sums="967f72983655e2479f951195953e8480 linux-3.4.tar.xz |
139 | 44a633f8494b3e3008ace9e74c6b9e75 patch-3.4.63.xz | 140 | 44a633f8494b3e3008ace9e74c6b9e75 patch-3.4.63.xz |
140 | 296bcb44cdc4e776a938e203cbbd5151 patch-3.4.63-vs2.3.3.9.diff | 141 | 296bcb44cdc4e776a938e203cbbd5151 patch-3.4.63-vs2.3.3.9.diff |
142 | 5901bfca41ac6a557e12b48115d3d1b2 aslr-pie.patch | ||
141 | 1fce2ef2e47d19c150ab0b2df3373a57 kernelconfig.x86 | 143 | 1fce2ef2e47d19c150ab0b2df3373a57 kernelconfig.x86 |
142 | b6a18f4cb2523bbd2500809e61172f8f kernelconfig.x86_64" | 144 | b6a18f4cb2523bbd2500809e61172f8f kernelconfig.x86_64" |
143 | sha256sums="ff3dee6a855873d12487a6f4070ec2f7996d073019171361c955639664baa0c6 linux-3.4.tar.xz | 145 | sha256sums="ff3dee6a855873d12487a6f4070ec2f7996d073019171361c955639664baa0c6 linux-3.4.tar.xz |
144 | 436422cc2c0ac6243632561955c3ecefd3150d0ba061943f45600c0674e4da89 patch-3.4.63.xz | 146 | 436422cc2c0ac6243632561955c3ecefd3150d0ba061943f45600c0674e4da89 patch-3.4.63.xz |
145 | 2d722df186395a3592928a7166962d503ae5bd726b47ee5eb9a60d39c39f159a patch-3.4.63-vs2.3.3.9.diff | 147 | 2d722df186395a3592928a7166962d503ae5bd726b47ee5eb9a60d39c39f159a patch-3.4.63-vs2.3.3.9.diff |
148 | 37ad5b5f44fcc119f71c81e8cda376c13ecc04f785bd2e1892782def6f5cfae3 aslr-pie.patch | ||
146 | e97b45a117671c5a87a9ba4a1f946125053eac078d297f61f9c8d4594acbf830 kernelconfig.x86 | 149 | e97b45a117671c5a87a9ba4a1f946125053eac078d297f61f9c8d4594acbf830 kernelconfig.x86 |
147 | d44d1a1be3402847f540cc0cfb201deec7084b4c516e592b92e115ab3f71d4b5 kernelconfig.x86_64" | 150 | d44d1a1be3402847f540cc0cfb201deec7084b4c516e592b92e115ab3f71d4b5 kernelconfig.x86_64" |
148 | sha512sums="1c49b336750c9c2b49d21e54126f22a800367296be0d57e6df28b1532cbeba7fc3bdf4cfe27d9810576e76c2db2e9c2493f0804451c915137cb78d7aa61f236c linux-3.4.tar.xz | 151 | sha512sums="1c49b336750c9c2b49d21e54126f22a800367296be0d57e6df28b1532cbeba7fc3bdf4cfe27d9810576e76c2db2e9c2493f0804451c915137cb78d7aa61f236c linux-3.4.tar.xz |
149 | c8d4e56062e3f1bdbb3c3b46cd6db42f63e6b86c6a1a45d181eb0160a1c7ecca13928f61484f949d6c968e437f275d43bca035a44c742f78d2cf77db1bcca1aa patch-3.4.63.xz | 152 | c8d4e56062e3f1bdbb3c3b46cd6db42f63e6b86c6a1a45d181eb0160a1c7ecca13928f61484f949d6c968e437f275d43bca035a44c742f78d2cf77db1bcca1aa patch-3.4.63.xz |
150 | 26623fca09815baee653a8da5af46797bc0b54f250a09401ede64c71ad2c844a1b59e7a0c7fc024e5c9025ddf3109ef2d2aa49c3866daa9288861d0d326d7f83 patch-3.4.63-vs2.3.3.9.diff | 153 | 26623fca09815baee653a8da5af46797bc0b54f250a09401ede64c71ad2c844a1b59e7a0c7fc024e5c9025ddf3109ef2d2aa49c3866daa9288861d0d326d7f83 patch-3.4.63-vs2.3.3.9.diff |
154 | 0314ff29551dfde45fe05d43cb571348d955b5338b33acb26e29fa80f73ef28f34bbdf01006e4aecee372f3863517357a99cdec08b183a8dd9121ee9d0314b2e aslr-pie.patch | ||
151 | f12f999c84f724a4ac20a736c7f56671e23b2a9ddce4b0576dc17d0b3e8f319f5c4bc40b58992eba75ace44148018d85de24b2516d0a83240cd0ca3803606eae kernelconfig.x86 | 155 | f12f999c84f724a4ac20a736c7f56671e23b2a9ddce4b0576dc17d0b3e8f319f5c4bc40b58992eba75ace44148018d85de24b2516d0a83240cd0ca3803606eae kernelconfig.x86 |
152 | 4cf43a7fc609e9822919e5706f38c03ef72deae2eae6b7d4c4ca7f9f29bccd1f01c0d65660a0c5234df6c2123a1d0c797dbdcb57ca5559e39644704426657f3e kernelconfig.x86_64" | 156 | 4cf43a7fc609e9822919e5706f38c03ef72deae2eae6b7d4c4ca7f9f29bccd1f01c0d65660a0c5234df6c2123a1d0c797dbdcb57ca5559e39644704426657f3e kernelconfig.x86_64" |
diff --git a/main/linux-vserver/aslr-pie.patch b/main/linux-vserver/aslr-pie.patch new file mode 100644 index 0000000000..8b907e447e --- /dev/null +++ b/main/linux-vserver/aslr-pie.patch | |||
@@ -0,0 +1,68 @@ | |||
1 | From a72b1fccf6c7c54c7a3ceef525b615b26b38f4a4 Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> | ||
3 | Date: Tue, 1 Oct 2013 13:46:04 +0300 | ||
4 | Subject: [PATCH 3.4.63-vanilla] fs/binfmt_elf: fix memory map for PIE applications | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | arch/x86/include/asm/elf.h comment says: | ||
10 | " | ||
11 | ELF_ET_DYN_BASE is the location that an ET_DYN program is loaded | ||
12 | if exec'ed. Typical use of this is to invoke "./ld.so someprog" | ||
13 | to test out a new version of the loader. We need to make sure | ||
14 | that it is out of the way of the program that it will "exec", | ||
15 | and that there is sufficient room for the brk. | ||
16 | " | ||
17 | |||
18 | In case we have main application linked as PIE, this will cause | ||
19 | problems as the main program itself will go the memory location | ||
20 | that allows very little heap. | ||
21 | |||
22 | This fixes the loader to detect PIE application by checking if | ||
23 | elf_interpreter is requested, and loads them to beginning of the | ||
24 | address space instead of the specially crafted place for elf | ||
25 | interpreter. | ||
26 | |||
27 | Signed-off-by: Timo Teräs <timo.teras@iki.fi> | ||
28 | --- | ||
29 | fs/binfmt_elf.c | 17 ++++++++--------- | ||
30 | 1 file changed, 8 insertions(+), 9 deletions(-) | ||
31 | |||
32 | diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c | ||
33 | index a009b9e..b3723a2 100644 | ||
34 | --- a/fs/binfmt_elf.c | ||
35 | +++ b/fs/binfmt_elf.c | ||
36 | @@ -790,20 +790,19 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) | ||
37 | * default mmap base, as well as whatever program they | ||
38 | * might try to exec. This is because the brk will | ||
39 | * follow the loader, and is not movable. */ | ||
40 | + if (elf_interpreter) | ||
41 | + load_bias = 0x00400000UL; | ||
42 | + else | ||
43 | + load_bias = ELF_ET_DYN_BASE; | ||
44 | #ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE | ||
45 | /* Memory randomization might have been switched off | ||
46 | - * in runtime via sysctl. | ||
47 | - * If that is the case, retain the original non-zero | ||
48 | - * load_bias value in order to establish proper | ||
49 | - * non-randomized mappings. | ||
50 | + * in runtime via sysctl or explicit setting of | ||
51 | + * ersonality flags. | ||
52 | */ | ||
53 | if (current->flags & PF_RANDOMIZE) | ||
54 | - load_bias = 0; | ||
55 | - else | ||
56 | - load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); | ||
57 | -#else | ||
58 | - load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); | ||
59 | + load_bias += (get_random_int() & STACK_RND_MASK) << PAGE_SHIFT; | ||
60 | #endif | ||
61 | + load_bias = ELF_PAGESTART(vaddr + load_bias); | ||
62 | } | ||
63 | |||
64 | error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, | ||
65 | -- | ||
66 | 1.8.4 | ||
67 | |||
68 | |||