[pcre-dev] [Bug 1749] PCRE-JITted code should be executed fr…

Góra strony
Delete this message
Autor: admin
Data:  
Dla: pcre-dev
Stare tematy: [pcre-dev] [Bug 1749] New: PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction
Temat: [pcre-dev] [Bug 1749] PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction
https://bugs.exim.org/show_bug.cgi?id=1749

--- Comment #38 from Zoltan Herczeg <hzmester@???> ---
> All the tests were run without SELinux enforcing.


Great news! Thank you very much for testing.

> Running the tests with SELinux enforcing W^X pages on all of the platforms
> would require more time, thus I checked only on my x86_64 workstation and I
> can state it works.


Perhaps this is not necessary since the both allocators should work on normal
systems. The difference is that the protected allocator works on SELinux as
well while the normal allocator does not.

I would be grateful if you could check the JIT compiler as well on these
systems.

1) Please checkout the compiler

svn checkout svn://svn.code.sf.net/p/sljit/code/ sljit

2) Enter sljit directory

cd sljit

3) Modify Makefile

change the following line

CPPFLAGS = $(EXTRA_CPPFLAGS) -DSLJIT_CONFIG_AUTO=1 -Isljit_src

to

CPPFLAGS = $(EXTRA_CPPFLAGS) -DSLJIT_CONFIG_AUTO=1
-DSLJIT_PROT_EXECUTABLE_ALLOCATOR=1 -Isljit_src

4) Build program

make

5) Run SLJIT regression tests:

bin/sljit_test
bin/regex_test

> The pcre2grep tests will fail with "no more memory", fastjit pcre2test tests
> will segfault and pcre2_jit_test will fail with "JIT compiler does not
> support...".


Ok, I got the problem now. I think the pcregrep should only warn if JIT
compiling is failed rather than aborting the execution. Philip, what do you
think about modifying the pcregrep/pcre2grep to work this way?

> But you can be right especially if the JIT compiler does multiple
> allocations and only a subsequent allocation fails. Then probably the
> easiest solution is keep the JIT code as it is and only amend
> pcre2_jit_compile(3) documentation stating it is safe to ingnore
> pcre2_jit_compile(3) failure if the application is not going to use JIT
> specific functions later.


I would go this way. JIT compiling errors are harmless and should never abort
the execution of an application, unless using JIT is critical. But that is a
(rare) special case and we can expect that they provide the suitable
environment.

> Some programs create fix-named temporary files. If an attacker can control
> TMPDIR environment variable, SUID program would write to directory of
> attacker's choice and the final file could coincide with a file the attacker
> does not have access otherwise.


I can modify the compiler to use getenv("TMPDIR") as the first attempt. How can
I test the condition that TMPDIR must not be used?

Regards,
Zoltan

--
You are receiving this mail because:
You are on the CC list for the bug.