Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 410516 Details for
Bug 559030
dev-lisp/sbcl: Fix handling of ASLR after program setup
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to reenable ASLR after setup
sbcl-reenable-asrl.patch (text/plain), 1.95 KB, created by
Andreas Wiese
on 2015-08-28 13:41:31 UTC
(
hide
)
Description:
patch to reenable ASLR after setup
Filename:
MIME Type:
Creator:
Andreas Wiese
Created:
2015-08-28 13:41:31 UTC
Size:
1.95 KB
patch
obsolete
>commit a5b12abcf4e291de70397254e042619e19f73a98 >Author: Andreas Wiese <aw-devel@meterriblecrew.net> >Date: Thu Aug 27 16:54:14 2015 +0200 > > runtime/linux-os: Reenable ASLR after restart for forked children. > > If we detect that sbcl has been restarted due to enabled ASLR, call > personality() again to restore the default for forked children. Leaving > it disabled imposes a security risk. > >diff --git a/src/runtime/linux-os.c b/src/runtime/linux-os.c >index 33a3683..95e8cfa 100644 >--- a/src/runtime/linux-os.c >+++ b/src/runtime/linux-os.c >@@ -64,6 +64,7 @@ > /* Prototype for personality(2). Done inline here since the header file > * for this isn't available on old versions of glibc. */ > int personality (unsigned long); >+#define ADDR_NO_RANDOMIZE 0x0040000 > #else > #include <sys/personality.h> > #endif >@@ -261,9 +262,8 @@ os_init(char *argv[], char *envp[]) > || major_version >= 3) > { > int pers = personality(0xffffffffUL); >- /* 0x40000 aka. ADDR_NO_RANDOMIZE */ >- if (!(pers & 0x40000)) { >- int retval = personality(pers | 0x40000); >+ if (!(pers & ADDR_NO_RANDOMIZE)) { >+ int retval = personality(pers | ADDR_NO_RANDOMIZE); > /* Allegedly some Linux kernels (the reported case was > * "hardened Linux 2.6.7") won't set the new personality, > * but nor will they return -1 for an error. So as a >@@ -298,7 +298,12 @@ os_init(char *argv[], char *envp[]) > fprintf(stderr, "WARNING:\ > \nCouldn't re-execute SBCL with proper personality flags (/proc isn't mounted? setuid?)\ > \nTrying to continue anyway.\n"); >- } else { >+ } else if (getenv("SBCL_IS_RESTARTING")) { >+ /* We restarted due to previously enabled ASLR. Now, >+ * reenable it for fork()'ed children. */ >+ int pers = personality(0xffffffffUL); >+ personality(pers & ~ADDR_NO_RANDOMIZE); >+ > unsetenv("SBCL_IS_RESTARTING"); > } > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=410516">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 559030
: 410516
