Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 26 Jun 2019 09:52:15 -0700
From: Andy Lutomirski <>
To: Florian Weimer <>
Cc: Andy Lutomirski <>, Thomas Gleixner <>, 
	Linux API <>, 
	Kernel Hardening <>,, 
	linux-arch <>, Kees Cook <>, 
	"Carlos O'Donell" <>, X86 ML <>
Subject: Re: Detecting the availability of VSYSCALL

On Wed, Jun 26, 2019 at 9:45 AM Florian Weimer <> wrote:
> * Andy Lutomirski:
> > Can’t an ELF note be done with some more or less ordinary asm such
> > that any link editor will insert it correctly?
> We've just been over this for the CET enablement.  ELF PT_NOTE parsing
> was rejected there.

No one told me this.  Unless I missed something, the latest kernel
patches still had PT_NOTE parsing.  Can you point me at an
enlightening thread or explain what happened?

> > The problem with a personality flag is that it needs to have some kind
> > of sensible behavior for setuid programs, and getting that right in a
> > way that doesn’t scream “exploit me” while preserving useful
> > compatibility may be tricky.
> Are restrictive personality flags still a problem with user namespaces?
> I think it would be fine to restrict this one to CAP_SYS_ADMIN.

We could possibly get away with this, but now we're introducing a
whole new mechanism.  I'd rather just add proper per-namespace
sysctls, but this is a pretty big hammer.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.