unofficial mirror of emacs-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Needed for the release
@ 2005-06-10  0:14 Richard Stallman
  2005-06-10 10:40 ` Masatake YAMATO
  0 siblings, 1 reply; 16+ messages in thread
From: Richard Stallman @ 2005-06-10  0:14 UTC (permalink / raw)


We need someone to fix the problem that unexelf.c has in dumping with
some recent Linux versions used by Red Hat GNU/Linux.  This is a very
serious problem.  Would someone please work on it?

Please write to me if you start to work on this.

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-10  0:14 Needed for the release Richard Stallman
@ 2005-06-10 10:40 ` Masatake YAMATO
  2005-06-10 22:37   ` Richard Stallman
  0 siblings, 1 reply; 16+ messages in thread
From: Masatake YAMATO @ 2005-06-10 10:40 UTC (permalink / raw)
  Cc: emacs-devel

> We need someone to fix the problem that unexelf.c has in dumping with
> some recent Linux versions used by Red Hat GNU/Linux.  This is a very
> serious problem.  Would someone please work on it?

How can I reproduce the problem?
Could you give me a pointer to know more? 

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-10 10:40 ` Masatake YAMATO
@ 2005-06-10 22:37   ` Richard Stallman
  2005-06-10 23:34     ` David Kastrup
  0 siblings, 1 reply; 16+ messages in thread
From: Richard Stallman @ 2005-06-10 22:37 UTC (permalink / raw)
  Cc: emacs-devel

What I remember is that Red Hat enables a feature in Linux that (I
believe) uses the address space differently.  unexelf.c doesn't handle
it right.

I don't remember the name of the feature, but I'm sure other people
on this list remember the name.

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-10 22:37   ` Richard Stallman
@ 2005-06-10 23:34     ` David Kastrup
  2005-06-11  5:50       ` jhd
                         ` (2 more replies)
  0 siblings, 3 replies; 16+ messages in thread
From: David Kastrup @ 2005-06-10 23:34 UTC (permalink / raw)
  Cc: Masatake YAMATO, emacs-devel

Richard Stallman <rms@gnu.org> writes:

> What I remember is that Red Hat enables a feature in Linux that (I
> believe) uses the address space differently.  unexelf.c doesn't handle
> it right.
>
> I don't remember the name of the feature, but I'm sure other people
> on this list remember the name.

exec_shield is one such feature, and newer kernels use something like,
uh, /proc/sys/vm/randomize_... (I don't remember the particular name
right now and don't have a Fedora active).  The latter loaded
executables' memory segments into randomized locations to make buffer
overflow attacks less predictable.

exec_shield could be gotten around with using
setarch i386 make
and configure does that already IIRC.  But the address space
randomization was prohibiting the dumping even with the setarch
command.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-10 23:34     ` David Kastrup
@ 2005-06-11  5:50       ` jhd
  2005-06-11 23:17       ` Richard Stallman
  2005-06-16  4:22       ` Masatake YAMATO
  2 siblings, 0 replies; 16+ messages in thread
From: jhd @ 2005-06-11  5:50 UTC (permalink / raw)
  Cc: Masatake YAMATO, rms, emacs-devel


11 jun 2005 kl. 01.34 skrev David Kastrup:

> Richard Stallman <rms@gnu.org> writes:
>
>
>> What I remember is that Red Hat enables a feature in Linux that (I
>> believe) uses the address space differently.  unexelf.c doesn't  
>> handle
>> it right.
>>
>> I don't remember the name of the feature, but I'm sure other people
>> on this list remember the name.
>>
>
> exec_shield is one such feature, and newer kernels use something like,
> uh, /proc/sys/vm/randomize_... (I don't remember the particular name
> right now and don't have a Fedora active).  The latter loaded
> executables' memory segments into randomized locations to make buffer
> overflow attacks less predictable.
>
> exec_shield could be gotten around with using
> setarch i386 make
> and configure does that already IIRC.  But the address space
> randomization was prohibiting the dumping even with the setarch
> command.

There is some info in etc/PROBLEMS, and some information here:

http://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf
http://people.redhat.com/drepper/nonselsec.pdf

And if you search for Exec-shield here:
http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/release- 
notes/as-x86/RELEASE-NOTES-U3-x86-en.html


They don't describe the new randomizing features though.

     Jan D.

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-10 23:34     ` David Kastrup
  2005-06-11  5:50       ` jhd
@ 2005-06-11 23:17       ` Richard Stallman
  2005-06-16  4:29         ` Masatake YAMATO
  2005-06-16  4:22       ` Masatake YAMATO
  2 siblings, 1 reply; 16+ messages in thread
From: Richard Stallman @ 2005-06-11 23:17 UTC (permalink / raw)
  Cc: jet, emacs-devel

    exec_shield could be gotten around with using
    setarch i386 make
    and configure does that already IIRC.  But the address space
    randomization was prohibiting the dumping even with the setarch
    command.

It may be possible for unexec to get around that problem by writing a
suitable kind of file that won't allow the randomization.  It might
need to deal with the effects of randomization at the time temacs was
run, but this might not be impossible.  One would need to study the
details of the feature.

Masatake-san, would you like to study the details and see?

    They don't describe the new randomizing features though.

If we can't find any documentation of these features,
we can try asking people in Red Hat to describe them.
I have some contacts to ask.

Another idea is to arrange to use CANNOT_DUMP
on those systems.

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-10 23:34     ` David Kastrup
  2005-06-11  5:50       ` jhd
  2005-06-11 23:17       ` Richard Stallman
@ 2005-06-16  4:22       ` Masatake YAMATO
  2005-06-16  4:44         ` Masatake YAMATO
                           ` (2 more replies)
  2 siblings, 3 replies; 16+ messages in thread
From: Masatake YAMATO @ 2005-06-16  4:22 UTC (permalink / raw)
  Cc: rms, emacs-devel

Sorry to be late.

> Richard Stallman <rms@gnu.org> writes:
> 
> > What I remember is that Red Hat enables a feature in Linux that (I
> > believe) uses the address space differently.  unexelf.c doesn't handle
> > it right.
> >
> > I don't remember the name of the feature, but I'm sure other people
> > on this list remember the name.
> 
> exec_shield is one such feature, and newer kernels use something like,
> uh, /proc/sys/vm/randomize_... (I don't remember the particular name
> right now and don't have a Fedora active).  The latter loaded
> executables' memory segments into randomized locations to make buffer
> overflow attacks less predictable.
> 
> exec_shield could be gotten around with using
> setarch i386 make
> and configure does that already IIRC.  But the address space
> randomization was prohibiting the dumping even with the setarch
> command.

Could you tell me the kernel version or the OS version?

I'm using Fedora core 1 and Fedora core 3.
I cannot reproduce the problem on the platforms.

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-11 23:17       ` Richard Stallman
@ 2005-06-16  4:29         ` Masatake YAMATO
  2005-06-16 18:56           ` Michael Welsh Duggan
  0 siblings, 1 reply; 16+ messages in thread
From: Masatake YAMATO @ 2005-06-16  4:29 UTC (permalink / raw)
  Cc: emacs-devel

>     exec_shield could be gotten around with using
>     setarch i386 make
>     and configure does that already IIRC.  But the address space
>     randomization was prohibiting the dumping even with the setarch
>     command.
> 
> It may be possible for unexec to get around that problem by writing a
> suitable kind of file that won't allow the randomization.  It might
> need to deal with the effects of randomization at the time temacs was
> run, but this might not be impossible.  One would need to study the
> details of the feature.
> 
> Masatake-san, would you like to study the details and see?
> 
>     They don't describe the new randomizing features though.
> 
> If we can't find any documentation of these features,
> we can try asking people in Red Hat to describe them.
> I have some contacts to ask.

I can do it by myself. I'm at Red hat:-)
Give me time.

Masatake

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-16  4:22       ` Masatake YAMATO
@ 2005-06-16  4:44         ` Masatake YAMATO
  2005-06-16  7:53         ` David Kastrup
  2005-06-16 16:48         ` Dan Nicolaescu
  2 siblings, 0 replies; 16+ messages in thread
From: Masatake YAMATO @ 2005-06-16  4:44 UTC (permalink / raw)
  Cc: rms, emacs-devel

> > Richard Stallman <rms@gnu.org> writes:
> > 
> > > What I remember is that Red Hat enables a feature in Linux that (I
> > > believe) uses the address space differently.  unexelf.c doesn't handle
> > > it right.
> > >
> > > I don't remember the name of the feature, but I'm sure other people
> > > on this list remember the name.
> > 
> > exec_shield is one such feature, and newer kernels use something like,
> > uh, /proc/sys/vm/randomize_... (I don't remember the particular name
> > right now and don't have a Fedora active).  The latter loaded
> > executables' memory segments into randomized locations to make buffer
> > overflow attacks less predictable.
> > 
> > exec_shield could be gotten around with using
> > setarch i386 make
> > and configure does that already IIRC.  But the address space
> > randomization was prohibiting the dumping even with the setarch
> > command.
> 
> Could you tell me the kernel version or the OS version?

What I'd like to say is I cannot reproduce the problem.
Emacs can be built fine on my computers.

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-16  4:22       ` Masatake YAMATO
  2005-06-16  4:44         ` Masatake YAMATO
@ 2005-06-16  7:53         ` David Kastrup
  2005-06-16 15:01           ` jhd
  2005-06-16 16:48         ` Dan Nicolaescu
  2 siblings, 1 reply; 16+ messages in thread
From: David Kastrup @ 2005-06-16  7:53 UTC (permalink / raw)
  Cc: rms, emacs-devel

Masatake YAMATO <jet@gyve.org> writes:

> Sorry to be late.
>
>> exec_shield is one such feature, and newer kernels use something
>> like, uh, /proc/sys/vm/randomize_... (I don't remember the
>> particular name right now and don't have a Fedora active).  The
>> latter loaded executables' memory segments into randomized
>> locations to make buffer overflow attacks less predictable.
>> 
>> exec_shield could be gotten around with using
>> setarch i386 make
>> and configure does that already IIRC.  But the address space
>> randomization was prohibiting the dumping even with the setarch
>> command.
>
> Could you tell me the kernel version or the OS version?
>
> I'm using Fedora core 1 and Fedora core 3.
> I cannot reproduce the problem on the platforms.

It was introduced some time after Fedora core 3 in their development
sources.  I switched to Ubuntu a short time after that.  It is
possible that the feature did not make it switched on by default into
the final FC4 release, but I can't tell since I stopped updating it
after that.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-16  7:53         ` David Kastrup
@ 2005-06-16 15:01           ` jhd
  2005-06-17  4:38             ` Richard Stallman
  0 siblings, 1 reply; 16+ messages in thread
From: jhd @ 2005-06-16 15:01 UTC (permalink / raw)
  Cc: Masatake YAMATO, rms, emacs-devel

> Masatake YAMATO <jet@gyve.org> writes:
>
>
>> Sorry to be late.
>>
>>
>>> exec_shield is one such feature, and newer kernels use something
>>> like, uh, /proc/sys/vm/randomize_... (I don't remember the
>>> particular name right now and don't have a Fedora active).  The
>>> latter loaded executables' memory segments into randomized
>>> locations to make buffer overflow attacks less predictable.
>>>
>>> exec_shield could be gotten around with using
>>> setarch i386 make
>>> and configure does that already IIRC.  But the address space
>>> randomization was prohibiting the dumping even with the setarch
>>> command.
>>>
>>
>> Could you tell me the kernel version or the OS version?
>>
>> I'm using Fedora core 1 and Fedora core 3.
>> I cannot reproduce the problem on the platforms.
>>
>
> It was introduced some time after Fedora core 3 in their development
> sources.  I switched to Ubuntu a short time after that.  It is
> possible that the feature did not make it switched on by default into
> the final FC4 release, but I can't tell since I stopped updating it
> after that.


If exec-shield is disabled or if the workaround in emacs.c works you  
won't see any problems.  But the workaround is to set personality to  
PER_LINUX32 and that may have other problems.  For example, does it  
work on a 64-bit system?  What about non-x86 architectures?  Does  
setting PER_LINUX32 have other side effects?

Ideally unexec should handle the case where heap and bss is not next  
to each other, and then this workaround can be removed.

     Jan D.

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-16  4:22       ` Masatake YAMATO
  2005-06-16  4:44         ` Masatake YAMATO
  2005-06-16  7:53         ` David Kastrup
@ 2005-06-16 16:48         ` Dan Nicolaescu
  2005-06-16 16:52           ` Masatake YAMATO
  2005-06-17  1:00           ` James Cloos
  2 siblings, 2 replies; 16+ messages in thread
From: Dan Nicolaescu @ 2005-06-16 16:48 UTC (permalink / raw)
  Cc: rms, emacs-devel

Masatake YAMATO <jet@gyve.org> writes:

  > Sorry to be late.
  > 
  > > Richard Stallman <rms@gnu.org> writes:
  > > 
  > > > What I remember is that Red Hat enables a feature in Linux that (I
  > > > believe) uses the address space differently.  unexelf.c doesn't handle
  > > > it right.
  > > >
  > > > I don't remember the name of the feature, but I'm sure other people
  > > > on this list remember the name.
  > > 
  > > exec_shield is one such feature, and newer kernels use something like,
  > > uh, /proc/sys/vm/randomize_... (I don't remember the particular name
  > > right now and don't have a Fedora active).  The latter loaded
  > > executables' memory segments into randomized locations to make buffer
  > > overflow attacks less predictable.
  > > 
  > > exec_shield could be gotten around with using
  > > setarch i386 make
  > > and configure does that already IIRC.  But the address space
  > > randomization was prohibiting the dumping even with the setarch
  > > command.
  > 
  > Could you tell me the kernel version or the OS version?
  > 
  > I'm using Fedora core 1 and Fedora core 3.
  > I cannot reproduce the problem on the platforms.

The problem occurs in Fedora Core 4.
On a FC4 system:
echo 0 > /proc/sys/kernel/randomize_va_space
is required in order to be able to dump Emacs.

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-16 16:48         ` Dan Nicolaescu
@ 2005-06-16 16:52           ` Masatake YAMATO
  2005-06-17  1:00           ` James Cloos
  1 sibling, 0 replies; 16+ messages in thread
From: Masatake YAMATO @ 2005-06-16 16:52 UTC (permalink / raw)
  Cc: rms, emacs-devel

> Masatake YAMATO <jet@gyve.org> writes:
> 
>   > Sorry to be late.
>   > 
>   > > Richard Stallman <rms@gnu.org> writes:
>   > > 
>   > > > What I remember is that Red Hat enables a feature in Linux that (I
>   > > > believe) uses the address space differently.  unexelf.c doesn't handle
>   > > > it right.
>   > > >
>   > > > I don't remember the name of the feature, but I'm sure other people
>   > > > on this list remember the name.
>   > > 
>   > > exec_shield is one such feature, and newer kernels use something like,
>   > > uh, /proc/sys/vm/randomize_... (I don't remember the particular name
>   > > right now and don't have a Fedora active).  The latter loaded
>   > > executables' memory segments into randomized locations to make buffer
>   > > overflow attacks less predictable.
>   > > 
>   > > exec_shield could be gotten around with using
>   > > setarch i386 make
>   > > and configure does that already IIRC.  But the address space
>   > > randomization was prohibiting the dumping even with the setarch
>   > > command.
>   > 
>   > Could you tell me the kernel version or the OS version?
>   > 
>   > I'm using Fedora core 1 and Fedora core 3.
>   > I cannot reproduce the problem on the platforms.
> 
> The problem occurs in Fedora Core 4.
> On a FC4 system:
> echo 0 > /proc/sys/kernel/randomize_va_space
> is required in order to be able to dump Emacs.

Thank you. I'll update my FC3 pc.

Masatake

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-16  4:29         ` Masatake YAMATO
@ 2005-06-16 18:56           ` Michael Welsh Duggan
  0 siblings, 0 replies; 16+ messages in thread
From: Michael Welsh Duggan @ 2005-06-16 18:56 UTC (permalink / raw)
  Cc: rms, emacs-devel

Masatake YAMATO <jet@gyve.org> writes:

>>     exec_shield could be gotten around with using
>>     setarch i386 make
>>     and configure does that already IIRC.  But the address space
>>     randomization was prohibiting the dumping even with the setarch
>>     command.
>> 
>> It may be possible for unexec to get around that problem by writing a
>> suitable kind of file that won't allow the randomization.  It might
>> need to deal with the effects of randomization at the time temacs was
>> run, but this might not be impossible.  One would need to study the
>> details of the feature.
>> 
>> Masatake-san, would you like to study the details and see?
>> 
>>     They don't describe the new randomizing features though.
>> 
>> If we can't find any documentation of these features,
>> we can try asking people in Red Hat to describe them.
>> I have some contacts to ask.
>
> I can do it by myself. I'm at Red hat:-)
> Give me time.

I found the following which might help:

http://kernel.org/pub/linux/kernel/people/arjan/randomize/

-- 
Michael Welsh Duggan
(md5i@cs.cmu.edu)

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-16 16:48         ` Dan Nicolaescu
  2005-06-16 16:52           ` Masatake YAMATO
@ 2005-06-17  1:00           ` James Cloos
  1 sibling, 0 replies; 16+ messages in thread
From: James Cloos @ 2005-06-17  1:00 UTC (permalink / raw)
  Cc: Masatake YAMATO, rms, emacs-devel

>>>>> "Dan" == Dan Nicolaescu <dann@ics.uci.edu> writes:

Dan> The problem occurs in Fedora Core 4.  On a FC4 system:
Dan> echo 0 >/proc/sys/kernel/randomize_va_space is required
Dan> in order to be able to dump Emacs.

I've not had any problems dumping emacs with Linus' and Andrew's
recent kernels, which default to randomize_va_space=1.  It has
to be more than just that.  

The laptop is booted into 2.6.12-rc4-mm2 right now, and I just
updated a few hours ago.

Unless rh's patch to add randomize_va_space is different that what
Linus merged....

-JimC
-- 
James H. Cloos, Jr. <cloos@jhcloos.com>

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: Needed for the release
  2005-06-16 15:01           ` jhd
@ 2005-06-17  4:38             ` Richard Stallman
  0 siblings, 0 replies; 16+ messages in thread
From: Richard Stallman @ 2005-06-17  4:38 UTC (permalink / raw)
  Cc: jet, emacs-devel

    Ideally unexec should handle the case where heap and bss is not next  
    to each other, and then this workaround can be removed.

Yes, that's the task that we need for the release, for
the sake of exec-shield.

But we also need something done to deal with the randomization feature.

^ permalink raw reply	[flat|nested] 16+ messages in thread

end of thread, other threads:[~2005-06-17  4:38 UTC | newest]

Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-06-10  0:14 Needed for the release Richard Stallman
2005-06-10 10:40 ` Masatake YAMATO
2005-06-10 22:37   ` Richard Stallman
2005-06-10 23:34     ` David Kastrup
2005-06-11  5:50       ` jhd
2005-06-11 23:17       ` Richard Stallman
2005-06-16  4:29         ` Masatake YAMATO
2005-06-16 18:56           ` Michael Welsh Duggan
2005-06-16  4:22       ` Masatake YAMATO
2005-06-16  4:44         ` Masatake YAMATO
2005-06-16  7:53         ` David Kastrup
2005-06-16 15:01           ` jhd
2005-06-17  4:38             ` Richard Stallman
2005-06-16 16:48         ` Dan Nicolaescu
2005-06-16 16:52           ` Masatake YAMATO
2005-06-17  1:00           ` James Cloos

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).