From: Yang Ming <ming.1.yang@nokia-sbell.com>
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: Anatoly Burakov <anatoly.burakov@intel.com>,
dev@dpdk.org, stable@dpdk.org
Subject: Re: [PATCH] eal/linux: enhance ASLR verification
Date: Wed, 12 Mar 2025 11:13:27 +0800 [thread overview]
Message-ID: <82920758-20eb-442c-a62b-a3babb65bfa7@nokia-sbell.com> (raw)
In-Reply-To: <20250310144310.70ba71e6@hermes.local>
On 2025/3/11 05:43, Stephen Hemminger wrote:
> Caution: This is an external email. Please be very careful when clicking links or opening attachments. See http://nok.it/nsb for additional information.
>
> On Fri, 28 Feb 2025 17:44:04 +0800
> Yang Ming <ming.1.yang@nokia-sbell.com> wrote:
>
>> This change ensures that the current process is checked for
>> being run with 'setarch' before verifying the value of
>> '/proc/sys/kernel/randomize_va_space'. The '-R' or
>> '--addr-no-randomize' parameter of the 'setarch' command is used
>> to disable the randomization of the virtual address space.
>>
>> Fixes: af75078fece3 ("first public release")
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Yang Ming <ming.1.yang@nokia-sbell.com>
> Looks good, I wonder if the personality() check can supersede the need
> to reference sysfs here?
>
Hi Stephen,
Thank you for your feedback. The personality() check is indeed a useful
addition to determine if the current process is executed with the
ADDR_NO_RANDOMIZE flag set, which can disable ASLR (Address Space Layout
Randomization).
However, relying solely on the personality() check may not be sufficient
in all scenarios. The personality() function checks the attributes of
the current process, but it does not provide information about the
system-wide ASLR settings, which are typically controlled via sysfs
(/proc/sys/kernel/randomize_va_space). The sysfs file
RANDOMIZE_VA_SPACE_FILE indicates the global ASLR setting for the entire
system, which can affect all processes.
By including both checks, we ensure comprehensive coverage:
1. The personality() check verifies if the current process has ASLR
disabled.
2. The sysfs reference checks the global ASLR setting, which affects all
processes.
Therefore, while the personality() check is valuable, it does not
entirely supersede the need to reference sysfs. Both checks together
provide a more robust determination of ASLR status.
Brs,
Yang Ming
prev parent reply other threads:[~2025-03-12 3:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-28 9:44 Yang Ming
2025-03-10 21:43 ` Stephen Hemminger
2025-03-12 3:13 ` Yang Ming [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=82920758-20eb-442c-a62b-a3babb65bfa7@nokia-sbell.com \
--to=ming.1.yang@nokia-sbell.com \
--cc=anatoly.burakov@intel.com \
--cc=dev@dpdk.org \
--cc=stable@dpdk.org \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).