• Bug#1065484: libatasmart4: Please rebuild to avoid overly huge ELF segm

    From Mathias Krause@21:1/5 to All on Tue Mar 5 12:10:02 2024
    Package: libatasmart4
    Version: 0.19-5
    Severity: normal
    X-Debbugs-Cc: minipli@grsecurity.net

    Dear Maintainer,

    After investigating ELF binaries and libraries on Debian systems, I
    noticed that libatasmart4 uses an overly huge alignment for its
    segments. This will lead to an unnecessary ASLR degradation for users of
    this library like udisks2.

    Below is the relevant output:

    minipli@x1:~/src/paxtest (master)$ ./contrib/check_align.sh /usr/lib/x86_64-linux-gnu/libatasmart.so.4.0.5
    /usr/lib/x86_64-linux-gnu/libatasmart.so.4.0.5 (max align=0x200000)
    minipli@x1:~/src/paxtest (master)$ readelf -Wl /usr/lib/x86_64-linux-gnu/libatasmart.so.4.0.5 | grep -B2 LOAD
    Program Headers:
    Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
    LOAD 0x000000 0x0000000000000000 0x0000000000000000 0x009f58 0x009f58 R E 0x200000
    LOAD 0x00a390 0x000000000020a390 0x000000000020a390 0x001e40 0x001e48 RW 0x200000

    The cause for the excessive segment alignment of 2MB instead of the
    usual 4kB is binutils' ld which did, from versions v2.11 up to v2.30 (in
    Debian, at least), use a huge default, even if no segment required such
    a huge alignment. That was fixed in Debian with the release of buster,
    which makes use of binutils v2.31+.

    The full technical background behind overly huge alignment was reported
    here: https://grsecurity.net/toolchain_necromancy_past_mistakes_haunting_aslr

    Rebuilding the package will implicitly make use of a recent version of
    ld and thereby fix the issue which is what I'm hereby requesting.

    Thanks,
    Mathias

    -- System Information:
    Debian Release: 12.5
    APT prefers stable-updates
    APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'proposed-updates'), (500, 'stable')
    Architecture: amd64 (x86_64)

    Kernel: Linux 6.1.0-18-amd64 (SMP w/20 CPU threads; PREEMPT)
    Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
    Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
    Shell: /bin/sh linked to /usr/bin/dash
    Init: systemd (via /run/systemd/system)
    LSM: AppArmor: enabled

    Versions of packages libatasmart4 depends on:
    ii libc6 2.36-9+deb12u4
    ii libudev1 252.22-1~deb12u1

    libatasmart4 recommends no packages.

    libatasmart4 suggests no packages.

    -- no debconf information

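An added example, not part of the original report and not the paxtest `check_align.sh` script: a minimal ELF64 program-header parser that reports the largest `LOAD` segment alignment and flags anything above the usual 4 kB. The function names are hypothetical, and the sample image is constructed from the `readelf` values quoted in the report.

```python
import struct
import sys

PT_LOAD = 1
PAGE_SIZE = 0x1000  # the usual 4 kB alignment named in the report

def load_alignments(elf: bytes) -> list:
    """Return p_align of each PT_LOAD program header (ELF64, little-endian only)."""
    if elf[:4] != b"\x7fELF" or len(elf) < 64:
        raise ValueError("not an ELF image")
    if elf[4] != 2 or elf[5] != 1:
        raise ValueError("only ELF64 little-endian is handled")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    aligns = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 56 > len(elf):
            raise ValueError("program header table is truncated")
        (p_type,) = struct.unpack_from("<I", elf, off)
        (p_align,) = struct.unpack_from("<Q", elf, off + 48)
        if p_type == PT_LOAD:
            aligns.append(p_align)
    return aligns

def check(elf: bytes):
    """Return (max LOAD alignment, address bits pinned beyond a 4 kB page, flagged?)."""
    max_align = max(load_alignments(elf), default=0)
    extra_bits = max(0, max_align.bit_length() - PAGE_SIZE.bit_length())
    return max_align, extra_bits, max_align > PAGE_SIZE

def sample_elf(align: int) -> bytes:
    """Constructed test image: ELF64 header plus two LOAD headers, no contents."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    text = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0x0, 0x0, 0x0, 0x9F58, 0x9F58, align)
    data = struct.pack("<IIQQQQQQ", PT_LOAD, 6, 0xA390, 0x20A390, 0x20A390, 0x1E40, 0x1E48, align)
    return ehdr + text + data

if __name__ == "__main__":
    # With file arguments, check those; otherwise run on the constructed samples.
    images = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [
        ("constructed 2 MB sample", sample_elf(0x200000)),
        ("constructed 4 kB sample", sample_elf(0x1000))]
    for name, blob in images:
        max_align, bits, flagged = check(blob)
        print(f"{name}: max align={max_align:#x}, +{bits} aligned bits, "
              f"{'REBUILD' if flagged else 'ok'}")
```

Run it with library paths as arguments to check installed files; a flagged result means the segments carry the 2 MB style alignment the report asks to be rebuilt away.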