Dotan Barak a écrit :
Hi all.
I noticed that the code segment of the user level in PPC64 machines
is in a VMA with a write permission enabled.
I'm using the following machine attributes:
*************************************************************
Host Name : mtlsqt185
Host Architecture : ppc64
Linux Distribution: SUSE Linux Enterprise Server 10 (ppc) VERSION = 10
PATCHLEVEL = 1
Kernel Version : 2.6.16.53-0.16-ppc64
GCC Version : gcc (GCC) 4.1.2 20070115 (prerelease) (SUSE Linux)
Memory size : 1740232 kB
Number of CPUs : 8
cpu MHz : 4005.000000MHz
Driver Version : OFED-1.2.5.4-20071210-0614
HCA ID(s) : mlx4_0
HCA model(s) : 25418
FW version(s) : 2.3.906
Board(s) : IBM08A0000001
*************************************************************
I printed the address of a function in my program and i got the value
0x1005ac80.
I printed the VMAs in my process and i got the following output:
mtlsqt185:~ # cat /proc/17366/maps
00100000-00103000 r-xp 00100000 00:00 0
10000000-1004a000 r-xp 00000000 08:03 1063667
/tmp/tsscr/svn.mlx_tp/branches/ofed1.2.5/gen2/userspace/useraccess/gen2_basic/gen2_basic
1005a000-1005e000 rw-p 0004a000 08:03 1063667
/tmp/tsscr/svn.mlx_tp/branches/ofed1.2.5/gen2/userspace/useraccess/gen2_basic/gen2_basic
1005e000-1015f000 rw-p 1005e000 00:00 0
[heap]
Is this is a security hole (any virus can change the code in the code
segment ...)
can you please CC me the answers o this question?
This is because on PPC architecture, address of a function points to a small
data area (a function descriptor) where the caller can find informations about :
- Address (in the text segment, so readonly) of the target function
- Address of the TOC for this function.
http://www.linux-foundation.org/spec/ELF/ppc64/PPC-elf64abi-1.9.html#FUNC-ADDRESS
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]