NetBSD-Bugs archive
Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkillable process
The following reply was made to PR kern/52658; it has been noted by GNATS.
From: Utkarsh Anand <uanand009%gmail.com@localhost>
To: Kamil Rytarowski <n54%gmx.com@localhost>
Cc: gnats-bugs%netbsd.org@localhost, Dmitry Vyukov <dvyukov%google.com@localhost>
Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkillable process
Date: Fri, 27 Oct 2017 17:16:14 +0530
I just tested taylor's fix and got:
# ktruss ./test
41 1 ktruss fcntl(0x4, 0x3, 0) = 4194305
41 1 ktruss emul(netbsd)
41 1 ktruss fcntl(0x4, 0x4, 0x400001) = 0
41 1 test execve("/root/./test", 0x7f7fff17fae8, 0x7f7fff17faf8) JUSTRETURN
41 1 test emul(netbsd)
41 1 test mmap(0, 0x8000, 0x3, 0x1002, 0xffffffff, 0, 0) = 0x7ed0fadf0000
41 1 test open("/etc/ld.so.conf", 0, 0x7f7f72a11790) Err#2 ENOENT
41 1 test open("/usr/lib/libc.so.12", 0, 0x3) = 3
41 1 test __fstat50(0x3, 0x7f7fffaa7d68) = 0
41 1 test mmap(0, 0x1000, 0x1, 0x1, 0x3, 0, 0) = 0x7ed0fadef000
41 1 test munmap(0x7ed0fadef000, 0x1000) = 0
41 1 test mmap(0, 0x381000, 0x5, 0x15000002, 0x3, 0, 0) = 0x7ed0faa00000
41 1 test mmap(0x7ed0fad61000, 0xd000, 0x3, 0x12, 0x3, 0, 0x161000) = 0x7ed0fad61000
41 1 test mmap(0x7ed0fad6e000, 0x13000, 0x3, 0x1012, 0xffffffff, 0, 0) = 0x7ed0fad6e000
41 1 test mprotect(0x7ed0fab61000, 0x200000, 0) = 0
41 1 test close(0x3) = 0
41 1 test mprotect(0x7ed0fad61000, 0x7000, 0x1) = 0
41 1 test _lwp_setprivate(0x7ed0fadf5048) = 0
41 1 test _lwp_self() = 1
41 1 test __sigprocmask14(0x1, 0x7f7fffaa8570, 0x7f7fffaa85e0) = 0
41 1 test __sigprocmask14(0x3, 0x7f7fffaa85e0, 0) = 0
41 1 test __sysctl(0x7ed0fab318e8, 0x2, 0x7ed0fad7eb40, 0x7f7fffaa8508, 0, 0) = 0
41 1 test _lwp_self() = 1
41 1 test __sigprocmask14(0x1, 0x7f7fffaa8520, 0x7f7fffaa85e0) = 0
41 1 test __sigprocmask14(0x3, 0x7f7fffaa85e0, 0) = 0
41 1 test open("1234567", 0x200, 0x8) = 3
41 1 test mmap(0x200000, 0x2000, 0x6, 0, 0x3, 0, 0) Err#13 EACCES
41 1 test _lwp_self() = 1
41 1 test __sigprocmask14(0x1, 0x7f7fffaa8550, 0x7f7fffaa8580) = 0
41 1 test __sigprocmask14(0x3, 0x7f7fffaa8580, 0) = 0
41 1 test _lwp_self() = 1
41 1 test __sigprocmask14(0x1, 0x7f7fffaa8550, 0x7f7fffaa8580) = 0
41 1 test __sigprocmask14(0x3, 0x7f7fffaa8580, 0) = 0
41 1 test exit(0)
# ps
PID TTY STAT TIME COMMAND
42 tty00 O+ 0:00.09 ps
391 tty00 S 0:00.53 -sh
438 tty00 Is 0:00.82 login
442 ttyE1 Is+ 0:00.08 /usr/libexec/getty Pc ttyE1
439 ttyE2 Is+ 0:00.07 /usr/libexec/getty Pc ttyE2
445 ttyE3 Is+ 0:00.07 /usr/libexec/getty Pc ttyE3
I believe that fixes the problem. So I'm committing the changes.
Thanks to all those involved.
Regards,
Utkarsh Anand