Bug 434714
Summary: | Artificial ELF executable does not execute (gets Killed) | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jan Kratochvil <jan.kratochvil> | ||||
Component: | kernel | Assignee: | Kernel Maintainer List <kernel-maint> | ||||
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | rawhide | CC: | roland | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-04-27 20:44:40 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Jan Kratochvil
2008-02-24 21:40:30 UTC
Created attachment 295749 [details]
bzip2 of the ELF binary getting Killed
Convenient ELF dump (of the executable stripped with the same reproducibility): ELF Header: Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 Class: ELF64 Data: 2's complement, little endian Ident Version: 1 (current) OS/ABI: UNIX - System V ABI Version: 0 Type: EXEC (Executable file) Machine: AMD x86-64 Version: 1 (current) Entry point address: 0 Start of program headers: 64 (bytes into file) Start of section headers: 2097184 (bytes into file) Flags: Size of this header: 64 (bytes) Size of program header entries: 56 (bytes) Number of program headers entries: 1 Size of section header entries: 64 (bytes) Number of section headers entries: 3 Section header string table index: 2 Section Headers: [Nr] Name Type Addr Off Size ES Flags Lk Inf Al [ 0] NULL 0000000000000000 00000000 00000000 0 0 0 0 [ 1] .text PROGBITS 0000000000000000 00200000 00000009 0 AX 0 0 4 [ 2] .shstrtab STRTAB 0000000000000000 00200009 00000011 0 0 0 1 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align LOAD 0x200000 0x0000000000000000 0x0000000000000000 0x000009 0x000009 R E 0x200000 Section to Segment mapping: Segment Sections... 00 [RO: .text] Fix of the uninitialized exit code - but everything is still the same: Steps to Reproduce: echo -e '.globl _start\n_start: movq $231,%rax\nmovq $42,%rdi\nsyscall' | as -o trapkill.o; ld -o trapkill trapkill.o --script=/dev/null; ./trapkill; echo $? Actual results: Killed 137 Expected results: 42 Not reproduced on my upstream tip build. Maybe an exec-shield breakage? (In reply to comment #4) > Not reproduced on my upstream tip build. Maybe an exec-shield breakage? Just tried it is still broken (on kernel-2.6.25-0.65.rc2.git7.fc9.x86_64) with: echo 0 >/proc/sys/kernel/exec-shield echo "0" >/proc/sys/vm/mmap_min_addr That should fix it -- at least on F8 changing that from 0 to 32768 made it fail. (The executable code starts at 0.) Yup, I think this is pretty much expected behavior. i.e. an ET_EXEC with a p_vaddr at 0 is asking for a mmap that it is often security policy to refuse. Unfortunately there really isn't much better than SIGKILL death that you can expect for this. OK, thanks for the explanation. (The GDB testcase fortunately already no longer uses this 0-based executable.) |