Currently, the PCuABI kernel from the "morello/next" branch doesn't set bounds for the elements of argv and envp. I suppose the bounds should be equal to `round_representable(strlen+1)` and currently they appear as 2^64 - 1.
Could this be fixed? Thank you!
Kind regards, Yury
Hi Yury,
On 24/10/2022 11:21, Yury Khrustalev wrote:
> Currently, the PCuABI kernel from the "morello/next" branch doesn't set bounds for the elements of argv and envp.
Yes, this is expected; in fact, a more general statement is: the kernel does not restrict the bounds or permissions of any capability given to userspace. This is the current status and is reflected in the transitional PCuABI spec [1]. For more context on the current limitations, see [2].
> I suppose the bounds should be equal to `round_representable(strlen+1)` and currently they appear as 2^64 - 1.
This is the intention for the full PCuABI indeed, with appropriate padding if capability bounds have to be enlarged to be representable.
> Could this be fixed? Thank you!
It will be as part of the second phase of the PCuABI implementation, where we move from the transitional spec to the full spec. This specific piece of work is covered by that ticket [3].
I hope this clarifies the current situation.
Kevin
[1] https://git.morello-project.org/morello/kernel/linux/-/wikis/Transitional-Mo...
[2] https://git.morello-project.org/morello/kernel/linux/-/blob/morello/master/D...
[3] https://git.morello-project.org/morello/kernel/linux/-/issues/19
linux-morello@op-lists.linaro.org