Avoid repeated ASLR re-exec attempts #2193
| // Some security profiles clear ADDR_NO_RANDOMIZE across exec even though the | ||
| // personality appears updated here. Avoid re-entering forever in that case. | ||
| static const char kAslrReexecEnv[] = "BENCHMARK_ASLR_NO_REEXEC"; |
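Review bot: The marker named on the kAslrReexecEnv line is an environment variable, so it is inherited by every process the benchmark later starts, and a shell or wrapper that already has BENCHMARK_ASLR_NO_REEXEC set would skip the ASLR-disabling re-exec with no indication. Consider clearing the variable once the re-exec'd image has read it, reporting when the guard fires while ADDR_NO_RANDOMIZE is still unset, and saying in the comment that the variable is an internal marker rather than a user-facing switch.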
Why is this an array of strings if we only need a single string?
a593ebd to eacc9ca
Updated to use a constexpr const char* for the env var name.
eacc9ca to ae0da7c
Quick follow-up on this. I addressed the env-var naming feedback, but it looks non-mergeable now. Happy to refresh it against main if the approach looks okay.
Still no real reply from devs on https://bugs.launchpad.net/bugs/2153650 :(
Yeah, upstream sounds like the right next place to ask. If someone opens an issue there and links it back here, I can follow along from this PR.
@kiwigitops and there's a response: https://gitlab.com/apparmor/apparmor/-/work_items/647#note_3475169287
Summary
Context
This addresses the AppArmor case from #2184 where personality() reports ADDR_NO_RANDOMIZE as set before execv(), but the new process image loses that flag and re-enters the same code path forever.
Testing
git diff --check
I did not add a direct unit test because the behavior depends on Linux exec/personality interaction under an AppArmor-constrained process tree.
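The one-shot guard described in the Context section, as an added C example that is not the PR's code: the decision is split into a pure function so it can be checked without an AppArmor-confined process tree. The marker name EXAMPLE_ASLR_NO_REEXEC and the function names are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/personality.h>
#include <unistd.h>

/* Hypothetical marker name for this example; the PR defines its own. */
#define GUARD_ENV "EXAMPLE_ASLR_NO_REEXEC"

enum aslr_action { ASLR_ALREADY_OFF, ASLR_REEXEC, ASLR_GIVE_UP };

/* persona: result of personality(0xffffffff); guard: getenv(GUARD_ENV). */
enum aslr_action aslr_decide(int persona, const char *guard) {
    if (persona != -1 && (persona & ADDR_NO_RANDOMIZE))
        return ASLR_ALREADY_OFF;   /* flag is present in this image */
    if (persona == -1 || guard != NULL)
        return ASLR_GIVE_UP;       /* cannot query, or one attempt already made */
    return ASLR_REEXEC;
}

/* Returns only if no re-exec takes place (or execv itself fails). */
enum aslr_action maybe_disable_aslr(char **argv) {
    int persona = personality(0xffffffff);   /* query only, no change */
    enum aslr_action act = aslr_decide(persona, getenv(GUARD_ENV));
    if (act == ASLR_ALREADY_OFF) {
        unsetenv(GUARD_ENV);       /* keep the marker out of child processes */
        return act;
    }
    if (act == ASLR_GIVE_UP) {
        fprintf(stderr, "ASLR still enabled; not re-executing again\n");
        return act;
    }
    /* Set the marker before exec: if a security profile drops the flag
     * across exec, the new image sees the marker and stops here. */
    if (setenv(GUARD_ENV, "1", 1) != 0 ||
        personality(persona | ADDR_NO_RANDOMIZE) == -1)
        return ASLR_GIVE_UP;
    execv("/proc/self/exe", argv);
    return ASLR_GIVE_UP;           /* reached only when execv failed */
}

int main(int argc, char **argv) {
    (void)argc;
    enum aslr_action act = maybe_disable_aslr(argv);
    printf("running with ASLR %s\n",
           act == ASLR_ALREADY_OFF ? "disabled" : "enabled");
    return 0;
}
```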