Subject: Re: [klibc] process '/usr/bin/rsync' started with executable stack
To: Kees Cook, Dan Carpenter, Ben Hutchings
Cc: Christian Kujau, Alexey Dobriyan, Andrew Morton, Willy Tarreau, linux-kernel@vger.kernel.org, klibc@lists.zytor.com, "H. Peter Anvin"
From: Christophe Leroy
Message-ID: <46c65832-6677-f644-30f5-d7554826c9c4@csgroup.eu>
In-Reply-To: <202006251253.2893D4F67@keescook>
Date: Fri, 26 Jun 2020 06:42:13 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

On 25/06/2020 at 22:20, Kees Cook wrote:
> On Thu, Jun 25, 2020 at 01:04:29PM +0300, Dan Carpenter wrote:
>> On Wed, Jun 24, 2020 at 12:39:24PM -0700, Kees Cook wrote:
>>> On Wed, Jun 24, 2020 at 07:51:48PM +0300, Dan Carpenter wrote:
>>>> In Debian testing the initrd triggers the warning.
>>>>
>>>> [ 34.529809] process '/usr/bin/fstype' started with executable stack
>>>
>>> Where does fstype come from there? I am going to guess it is either
>>> busybox or linked against klibc?
>>>
>>> klibc has known problems with executable stacks due to its trampoline
>>> implementation:
>>> https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks
>>
>> Yeah. It comes from klibc-utils.
>
> This is exactly what I was worried about back in Feb:
> https://lore.kernel.org/lkml/202002251341.48BC06E@keescook/
>
> This warning, combined with klibc-based initrds, makes the whole thing
> pointless because it will always warn once on boot for the klibc stack,
> and then not warn about anything else after that.
>
> It looks like upstream klibc hasn't been touched in about 4 years, and
> it's been up to Ben to keep it alive in Debian.
>
> A couple ideas, in order of my preference:
>
> 1) stop using klibc-utils[1]. initramfs-tools-core is the only thing with a
> dependency on klibc-utils. Only a few things are missing from busybox.

Does busybox cleanly build with klibc lib? If it does, is the result as small?

>
> 2) make the warning rate-limited instead?
>
> 3) fix the use of trampolines in klibc

That's done, see
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9d8d648e604026b32cad00a84ed6c29cbd157641

Discussed here
https://lists.zytor.com/archives/klibc/2020-February/004271.html

Christophe

>
> Thoughts?
>
> -Kees
>
>
> [1] Ben appears well aware of this idea, as he suggested it in 2018. :)
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887159
>