Home » Mailing list archives » linux-kernel » 2008 » October » 3

[PATCH] ELF: implement AT_RANDOM for future glibc use

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Kees Cook <kees.cook@...>
To: Roland McGrath <roland@...>, <linux-kernel@...>
Cc: Jakub Jelinek <jakub@...>, Ulrich Drepper <drepper@...>, <libc-alpha@...>
Subject: [PATCH] ELF: implement AT_RANDOM for future glibc use
Date: Thursday, October 2, 2008 - 8:16 pm

While discussing[1] the need for glibc to have access to random bytes
during program load, it seems that an earlier attempt to implement
AT_RANDOM got stalled.  This implements a configurable number of random
bytes available to every ELF program via a new auxv AT_RANDOM vector.

[1] http://sourceware.org/ml/libc-alpha/2008-10/msg00006.html

Signed-off-by: Kees Cook <kees.cook@canonical.com>
---
 fs/binfmt_elf.c        |   20 ++++++++++++++++++++
 include/linux/auxvec.h |    4 +++-
 security/Kconfig       |    9 +++++++++
 3 files changed, 32 insertions(+), 1 deletions(-)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 655ed8d..9b2ea62 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -152,6 +152,8 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
 	elf_addr_t __user *sp;
 	elf_addr_t __user *u_platform;
 	elf_addr_t __user *u_base_platform;
+	elf_addr_t __user *u_rand_bytes;
+	unsigned int rand_size;
 	const char *k_platform = ELF_PLATFORM;
 	const char *k_base_platform = ELF_BASE_PLATFORM;
 	int items;
@@ -196,6 +198,18 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
 			return -EFAULT;
 	}
 
+	rand_size = CONFIG_SECURITY_AUXV_RANDOM_SIZE * sizeof(unsigned long);
+	u_rand_bytes = NULL;
+	if (rand_size) {
+		unsigned char k_rand_bytes[CONFIG_SECURITY_AUXV_RANDOM_SIZE *
+					   sizeof(unsigned long)];
+		get_random_bytes(k_rand_bytes, rand_size);
+
+		u_rand_bytes = (elf_addr_t __user *)STACK_ALLOC(p, rand_size);
+		if (__copy_to_user(u_rand_bytes, k_rand_bytes, rand_size))
+			return -EFAULT;
+	}
+
 	/* Create the ELF interpreter info */
 	elf_info = (elf_addr_t *)current->mm->saved_auxv;
 	/* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
@@ -228,6 +242,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
 	NEW_AUX_ENT(AT_GID, tsk->gid);
 	NEW_AUX_ENT(AT_EGID, tsk->egid);
  	NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
+	if (rand_size) {
+		NEW_AUX_ENT(AT_RANDOM_SIZE,
+			    (elf_addr_t)(unsigned long)rand_size);
+		NEW_AUX_ENT(AT_RANDOM,
+			    (elf_addr_t)(unsigned long)u_rand_bytes);
+	}
 	NEW_AUX_ENT(AT_EXECFN, bprm->exec);
 	if (k_platform) {
 		NEW_AUX_ENT(AT_PLATFORM,
diff --git a/include/linux/auxvec.h b/include/linux/auxvec.h
index d7afa9d..df4ff65 100644
--- a/include/linux/auxvec.h
+++ b/include/linux/auxvec.h
@@ -23,6 +23,8 @@
 #define AT_PLATFORM 15  /* string identifying CPU for optimizations */
 #define AT_HWCAP  16    /* arch dependent hints at CPU capabilities */
 #define AT_CLKTCK 17	/* frequency at which times() increments */
+#define AT_RANDOM 18    /* address of random bytes */
+#define AT_RANDOM_SIZE 19   /* number of random bytes at AT_RANDOM */
 
 #define AT_SECURE 23   /* secure mode boolean */
 
@@ -32,7 +34,7 @@
 #define AT_EXECFN  31	/* filename of program */
 
 #ifdef __KERNEL__
-#define AT_VECTOR_SIZE_BASE 18 /* NEW_AUX_ENT entries in auxiliary table */
+#define AT_VECTOR_SIZE_BASE 20 /* NEW_AUX_ENT entries in auxiliary table */
   /* number of "#define AT_.*" above, minus {AT_NULL, AT_IGNORE, AT_NOTELF} */
 #endif
 
diff --git a/security/Kconfig b/security/Kconfig
index f6c0429..8d9d49d 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -114,6 +114,15 @@ config SECURITY_DEFAULT_MMAP_MIN_ADDR
 	  This value can be changed after boot using the
 	  /proc/sys/vm/mmap_min_addr tunable.
 
+config SECURITY_AUXV_RANDOM_SIZE
+	int "Number of random longs to store in AT_RANDOM on every exec"
+	default 4
+	help
+	  This value determines the size of the random longs provided
+	  to programs via the auxv AT_RANDOM vector.  It can be used
+	  to initialize random values needed during program load.
+
+	  If you are unsure how many longs to use, answer 4.
 
 source security/selinux/Kconfig
 source security/smack/Kconfig
-- 
1.5.6.3

-- 
Kees Cook
Ubuntu Security Team
--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[PATCH] ELF: implement AT_RANDOM for future glibc use, Kees Cook, (Thu Oct 2, 8:16 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Andi Kleen, (Mon Oct 6, 2:00 am)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Kees Cook, (Mon Oct 6, 1:50 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Andi Kleen, (Mon Oct 6, 3:26 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Kees Cook, (Mon Oct 6, 6:07 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Roland McGrath, (Mon Oct 6, 7:58 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Kees Cook, (Mon Oct 6, 8:31 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Ulrich Drepper, (Mon Oct 6, 8:57 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Kees Cook, (Mon Oct 6, 9:44 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Ulrich Drepper, (Mon Oct 6, 9:51 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Ulrich Drepper, (Mon Oct 6, 8:08 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Andi Kleen, (Mon Oct 6, 7:28 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Kees Cook, (Mon Oct 6, 6:01 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Andi Kleen, (Mon Oct 6, 7:19 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Kees Cook, (Mon Oct 6, 7:29 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Andi Kleen, (Mon Oct 6, 7:44 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Roland McGrath, (Thu Oct 2, 8:52 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Kees Cook, (Fri Oct 3, 1:15 am)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Roland McGrath, (Fri Oct 3, 4:22 pm)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Jakub Jelinek, (Thu Oct 2, 8:43 pm)
[PATCH] ELF: implement AT_RANDOM for future glibc use, Kees Cook, (Fri Oct 3, 1:29 am)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Arjan van de Ven, (Fri Oct 3, 1:57 am)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Ulrich Drepper, (Fri Oct 3, 2:25 am)
[PATCH] ELF: implement AT_RANDOM for glibc PRNG seeding, Kees Cook, (Fri Oct 3, 10:50 am)
Re: [PATCH] ELF: implement AT_RANDOM for glibc PRNG seeding, Jakub Jelinek, (Fri Oct 3, 10:57 am)
[PATCH] ELF: implement AT_RANDOM for glibc PRNG seeding, Kees Cook, (Fri Oct 3, 1:33 pm)
Re: [PATCH] ELF: implement AT_RANDOM for glibc PRNG seeding, Ulrich Drepper, (Fri Oct 3, 1:41 pm)
[PATCH v5] ELF: implement AT_RANDOM for glibc PRNG seeding, Kees Cook, (Fri Oct 3, 1:59 pm)
Re: [PATCH v5] ELF: implement AT_RANDOM for glibc PRNG seeding, Andrew Morton, (Tue Oct 21, 4:01 pm)
Re: [PATCH v5] ELF: implement AT_RANDOM for glibc PRNG seeding, Ulrich Drepper, (Tue Oct 21, 4:22 pm)
Re: [PATCH v5] ELF: implement AT_RANDOM for glibc PRNG seeding, Andrew Morton, (Mon Oct 27, 1:46 am)
Re: [PATCH v5] ELF: implement AT_RANDOM for glibc PRNG seeding, Ulrich Drepper, (Sat Oct 18, 1:42 am)
Re: [PATCH] ELF: implement AT_RANDOM for glibc PRNG seeding, Ulrich Drepper, (Fri Oct 3, 10:56 am)
Re: [PATCH] ELF: implement AT_RANDOM for future glibc use, Kees Cook, (Fri Oct 3, 1:25 am)