Date: Thu, 25 Jun 2020 13:20:19 -0700
From: Kees Cook
To: Dan Carpenter, Ben Hutchings
Cc: Christian Kujau, Alexey Dobriyan, Andrew Morton, Willy Tarreau, linux-kernel@vger.kernel.org, klibc@lists.zytor.com, "H. Peter Anvin"
Subject: Re: process '/usr/bin/rsync' started with executable stack
Message-ID: <202006251253.2893D4F67@keescook>
References: <20200624165148.GD31008@kadam> <202006241238.E9CB1CE85B@keescook> <20200625100429.GB2571@kadam>
In-Reply-To: <20200625100429.GB2571@kadam>

On Thu, Jun 25, 2020 at 01:04:29PM +0300, Dan Carpenter wrote:
> On Wed, Jun 24, 2020 at 12:39:24PM -0700, Kees Cook wrote:
> > On Wed, Jun 24, 2020 at 07:51:48PM +0300, Dan Carpenter wrote:
> > > In Debian testing the initrd triggers the warning.
> > >
> > > [ 34.529809] process '/usr/bin/fstype' started with executable stack
> >
> > Where does fstype come from there? I am going to guess it is either
> > busybox or linked against klibc?
> >
> > klibc has known problems with executable stacks due to its trampoline
> > implementation:
> > https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks
>
> Yeah. It comes from klibc-utils.

This is exactly what I was worried about back in Feb:
https://lore.kernel.org/lkml/202002251341.48BC06E@keescook/

This warning, combined with klibc-based initrds, makes the whole thing
pointless because it will always warn once on boot for the klibc stack,
and then not warn about anything else after that.

It looks like upstream klibc hasn't been touched in about 4 years, and
it's been up to Ben to keep it alive in Debian.

A couple ideas, in order of my preference:

1) stop using klibc-utils[1]. initramfs-tools-core is the only thing with a
   dependency on klibc-utils. Only a few things are missing from busybox.

2) make the warning rate-limited instead?

3) fix the use of trampolines in klibc

Thoughts?

-Kees

[1] Ben appears well aware of this idea, as he suggested it in 2018. :)
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887159

-- 
Kees Cook
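
Added example, not part of the original message and not kernel or klibc code: since the warning discussed above fires only once per boot, an offline scan of an unpacked initramfs or root tree is one way to list every binary that requests an executable stack. It reads the PT_GNU_STACK program header of each ELF file; the function names and the in-memory sample ELF builder are constructed for illustration.

```python
import os
import struct

PT_GNU_STACK = 0x6474E551  # program header type that carries the stack permissions
PF_X = 0x1                 # "executable" bit in p_flags

def stack_status(data: bytes) -> str:
    """Return 'exec', 'noexec', 'missing' (no PT_GNU_STACK header) or 'not-elf'."""
    if len(data) < 52 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return "not-elf"
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little endian, 2 = big endian
    phoff_fmt, phoff_at, phent_at = ("Q", 0x20, 0x36) if is64 else ("I", 0x1C, 0x2A)
    try:
        e_phoff, = struct.unpack_from(end + phoff_fmt, data, phoff_at)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, phent_at)
        for i in range(e_phnum):
            off = e_phoff + i * e_phentsize
            p_type, = struct.unpack_from(end + "I", data, off)
            if p_type == PT_GNU_STACK:
                # p_flags follows p_type in ELF64 but sits at offset 24 in ELF32
                p_flags, = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
                return "exec" if p_flags & PF_X else "noexec"
    except struct.error:
        return "not-elf"                     # truncated or corrupt headers
    # No PT_GNU_STACK at all: the kernel falls back to an architecture default,
    # so these files need a manual look (assumption stated here, not from the thread).
    return "missing"

def _sample_elf64(stack_flags=None) -> bytes:
    """Constructed input: 64-bit little-endian ELF header, optional PT_GNU_STACK entry."""
    phnum = 0 if stack_flags is None else 1
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 62, 1,
                       0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    phdr = b"" if stack_flags is None else struct.pack(
        "<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr

def audit(root: str) -> dict:
    """Map every ELF file under root (e.g. an unpacked initramfs) to its stack status."""
    results = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                with open(path, "rb") as fh:
                    status = stack_status(fh.read())
                if status != "not-elf":
                    results[path] = status
    return results
```

Calling audit() on the directory where the initramfs was unpacked and filtering for "exec" gives the full list that the once-only kernel message cannot.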