[GHC] #14069: RTS linker maps code as writable

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[GHC] #14069: RTS linker maps code as writable

GHC - devs mailing list
#14069: RTS linker maps code as writable
-------------------------------------+-------------------------------------
           Reporter:  bgamari        |             Owner:  (none)
               Type:  bug            |            Status:  new
           Priority:  high           |         Milestone:  8.4.1
          Component:  Runtime        |           Version:  8.0.1
  System (Linker)                    |
           Keywords:                 |  Operating System:  Unknown/Multiple
       Architecture:                 |   Type of failure:  None/Unknown
  Unknown/Multiple                   |
          Test Case:                 |        Blocked By:
           Blocking:                 |   Related Tickets:
Differential Rev(s):                 |         Wiki Page:
-------------------------------------+-------------------------------------
 GHC's RTS linker maps executable code in writable pages, representing a
 significant potential exploit point for arbitrary code execution. OpenBSD
 disallows running program that do this by default.

 Fix this.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/14069>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets
Reply | Threaded
Open this post in threaded view
|

Re: [GHC] #14069: RTS linker maps code as writable

GHC - devs mailing list
#14069: RTS linker maps code as writable
-------------------------------------+-------------------------------------
        Reporter:  bgamari           |                Owner:  (none)
            Type:  bug               |               Status:  new
        Priority:  high              |            Milestone:  8.4.1
       Component:  Runtime System    |              Version:  8.0.1
  (Linker)                           |
      Resolution:                    |             Keywords:
Operating System:  Unknown/Multiple  |         Architecture:
                                     |  Unknown/Multiple
 Type of failure:  None/Unknown      |            Test Case:
      Blocked By:                    |             Blocking:
 Related Tickets:                    |  Differential Rev(s):
       Wiki Page:                    |
-------------------------------------+-------------------------------------
Description changed by bgamari:

Old description:

> GHC's RTS linker maps executable code in writable pages, representing a
> significant potential exploit point for arbitrary code execution. OpenBSD
> disallows running program that do this by default.
>
> Fix this.

New description:

 GHC's RTS linker maps executable code in writable pages, representing a
 significant potential exploit point for arbitrary code execution. OpenBSD
 disallows running program that do this by default.


 Instead we should first map pages as `PROT_READ | PROT_WRITE`, perform any
 necessary relocations (which requires writing), and then `mprotect` it to
 `PROT_READ | PROT_EXEC`.

 To find the relevant code grep for `PROT_EXEC` in the `rts/` directory.

--

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/14069#comment:1>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets
Reply | Threaded
Open this post in threaded view
|

Re: [GHC] #14069: RTS linker maps code as writable

GHC - devs mailing list
In reply to this post by GHC - devs mailing list
#14069: RTS linker maps code as writable
-------------------------------------+-------------------------------------
        Reporter:  bgamari           |                Owner:  (none)
            Type:  bug               |               Status:  new
        Priority:  high              |            Milestone:  8.4.1
       Component:  Runtime System    |              Version:  8.0.1
  (Linker)                           |
      Resolution:                    |             Keywords:
Operating System:  Unknown/Multiple  |         Architecture:
                                     |  Unknown/Multiple
 Type of failure:  None/Unknown      |            Test Case:
      Blocked By:                    |             Blocking:
 Related Tickets:                    |  Differential Rev(s):
       Wiki Page:                    |
-------------------------------------+-------------------------------------
Changes (by bgamari):

 * cc: romanzolotarev (added)


Comment:

 CCing romanzolotarev who expressed interest in this on Twitter.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/14069#comment:2>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets
Reply | Threaded
Open this post in threaded view
|

Re: [GHC] #14069: RTS linker maps code as writable

GHC - devs mailing list
In reply to this post by GHC - devs mailing list
#14069: RTS linker maps code as writable
-------------------------------------+-------------------------------------
        Reporter:  bgamari           |                Owner:  (none)
            Type:  bug               |               Status:  new
        Priority:  high              |            Milestone:  8.4.1
       Component:  Runtime System    |              Version:  8.0.1
  (Linker)                           |
      Resolution:                    |             Keywords:
Operating System:  Unknown/Multiple  |         Architecture:
                                     |  Unknown/Multiple
 Type of failure:  None/Unknown      |            Test Case:
      Blocked By:                    |             Blocking:
 Related Tickets:                    |  Differential Rev(s):
       Wiki Page:                    |
-------------------------------------+-------------------------------------
Changes (by angerman):

 * cc: angerman (added)


Comment:

 This is already in the aarch64/mach-o linker. And I believe the
 aarch64/elf linker could possibly be doing this already as well.

 Feel free to query me on IRC:angerman, or twitter:angerman_io.

 Otherwise if no one picks this up, I'll try to get around to it.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/14069#comment:3>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets
Reply | Threaded
Open this post in threaded view
|

Re: [GHC] #14069: RTS linker maps code as writable

GHC - devs mailing list
In reply to this post by GHC - devs mailing list
#14069: RTS linker maps code as writable
-------------------------------------+-------------------------------------
        Reporter:  bgamari           |                Owner:  (none)
            Type:  bug               |               Status:  new
        Priority:  high              |            Milestone:  8.4.1
       Component:  Runtime System    |              Version:  8.0.1
  (Linker)                           |
      Resolution:                    |             Keywords:
Operating System:  Unknown/Multiple  |         Architecture:
                                     |  Unknown/Multiple
 Type of failure:  None/Unknown      |            Test Case:
      Blocked By:                    |             Blocking:
 Related Tickets:                    |  Differential Rev(s):
       Wiki Page:                    |
-------------------------------------+-------------------------------------

Comment (by romanzolotarev):

 Ben, thank you for adding me to the loop.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/14069#comment:4>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets
Reply | Threaded
Open this post in threaded view
|

Re: [GHC] #14069: RTS linker maps code as writable

GHC - devs mailing list
In reply to this post by GHC - devs mailing list
#14069: RTS linker maps code as writable
-------------------------------------+-------------------------------------
        Reporter:  bgamari           |                Owner:  (none)
            Type:  bug               |               Status:  new
        Priority:  high              |            Milestone:  8.4.1
       Component:  Runtime System    |              Version:  8.0.1
  (Linker)                           |
      Resolution:                    |             Keywords:
Operating System:  Unknown/Multiple  |         Architecture:
                                     |  Unknown/Multiple
 Type of failure:  None/Unknown      |            Test Case:
      Blocked By:                    |             Blocking:
 Related Tickets:                    |  Differential Rev(s):
       Wiki Page:                    |
-------------------------------------+-------------------------------------
Changes (by lelf):

 * cc: lelf (added)


--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/14069#comment:5>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

_______________________________________________
ghc-tickets mailing list
[hidden email]
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-tickets