From: Daniel Colascione
Newsgroups: gmane.emacs.devel
Subject: Re: Preview: portable dumper
Date: Tue, 29 Nov 2016 16:37:45 -0800
To: Paul Eggert
Cc: emacs-devel@gnu.org
In-Reply-To: (Paul Eggert's message of "Tue, 29 Nov 2016 14:01:35 -0800")
References: <047a67ec-9e29-7e4e-0fb0-24c3e59b5886@dancol.org> <9b6a0571-b2ae-a5dd-a643-3595e8f71cd6@cs.ucla.edu>

On Tue, Nov 29 2016, Paul Eggert wrote:
> On 11/29/2016 01:50 PM, Daniel Colascione wrote:
>> * We do store function pointers in the dump, and an attacker could
>> theoretically overwrite one of these to point where she wanted --- but
>> with all PROT_EXEC code in the process being randomized, where would
>> she point the function pointer that's under her control?
>
> I'm more worried about the next level up. Although the dump is pure
> data to the machine, it's not pure data to Elisp. Since the dump would
> contain bytecodes, if attackers can alter the bytecodes then they can
> execute whatever Elisp code they want.

Good point. How about this?
We'll let the PIC-ness of the Emacs executable (which we know at build time) control whether we try to map the dump at its preferred load address. If a user is running non-PIC, he's already vulnerable.
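To make the trade-off in the message concrete, here is an added C sketch (not Emacs's pdumper code; the dump layout, the struct and all function names are hypothetical) showing why a PIC build never tries the preferred base and instead fixes up the absolute pointers recorded in the dump, while rejecting relocation offsets that point outside the image:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical dump layout (illustration only, not Emacs's real format):
   pointer slots at reloc_offsets hold addresses valid only at preferred_base. */
struct dump_header {
    uintptr_t preferred_base;   /* address the dump was written for */
    size_t    nrelocs;          /* number of pointer slots to fix up */
    size_t    reloc_offsets[2]; /* image offsets of those slots */
};
/* Under PIC/ASLR the executable's own code moves every run, so mapping the
   dump at a fixed address buys nothing and would only carve a predictable
   region out of a randomized address space: always relocate instead. */
int should_try_preferred_base(int exe_is_pic) { return !exe_is_pic; }
/* Patch each recorded slot by the delta between preferred and actual base.
   Returns slots patched, or -1 if a slot would fall outside the image. */
long relocate_dump(unsigned char *image, size_t image_size,
                   const struct dump_header *hdr, uintptr_t actual_base)
{
    intptr_t delta = (intptr_t)actual_base - (intptr_t)hdr->preferred_base;
    long patched = 0;
    for (size_t i = 0; i < hdr->nrelocs; i++) {
        size_t off = hdr->reloc_offsets[i];
        if (image_size < sizeof(uintptr_t) || off > image_size - sizeof(uintptr_t))
            return -1;                        /* untrusted offset: refuse */
        uintptr_t v;
        memcpy(&v, image + off, sizeof v);
        v = (uintptr_t)((intptr_t)v + delta);
        memcpy(image + off, &v, sizeof v);
        patched++;
    }
    return patched;
}
/* Constructed sample: a 32-byte image written for base 0x1000 with one slot
   at offset 24 holding 0x1010, actually mapped at 0x5000. Returns the slot's
   value after relocation (0x5010 on success, 0 on failure). */
uintptr_t demo_relocated_slot(void)
{
    unsigned char image[32] = {0};
    struct dump_header hdr = { 0x1000, 1, { 24, 0 } };
    uintptr_t slot = 0x1010;
    memcpy(image + 24, &slot, sizeof slot);
    if (relocate_dump(image, sizeof image, &hdr, 0x5000) != 1) return 0;
    memcpy(&slot, image + 24, sizeof slot);
    return slot;
}
```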