[ruby-core:118186] [Ruby master Bug#20527] Control-Flow protection cannot be enabled for Ruby due to ASM bits

From: "vo.x (Vit Ondruch) via ruby-core" <ruby-core@...>
Date: 2024-06-05 16:38:04 UTC
List: ruby-core #118186

Issue #20527 has been updated by vo.x (Vit Ondruch).


This is actually a duplicate of #18061 (I suggest continuing the discussion there), which includes this draft implementation:

https://github.com/ruby/ruby/pull/5895

----------------------------------------
Bug #20527: Control-Flow protection cannot be enabled for Ruby due to ASM bits
https://bugs.ruby-lang.org/issues/20527#change-108637

* Author: vo.x (Vit Ondruch)
* Status: Open
* ruby -v: ruby 3.3.1 (2024-04-23 revision c56cd86388) [x86_64-linux]
* Backport: 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN
----------------------------------------
Checking if Ruby is properly hardened up to Fedora standard using `annocheck`, this is the result:

~~~
$ annocheck redhat-linux-build/libruby.so.3.3.1 
annocheck: Version 12.54.
Hardened: libruby.so.3.3.1: FAIL: cf-protection test because .note.gnu.property section did not contain the necessary flags 
Hardened: libruby.so.3.3.1: FAIL: property-note test because a property note was found but it shows that cf-protection is not enabled 
Hardened: Rerun annocheck with --verbose to see more information on the tests.
Hardened: libruby.so.3.3.1: Overall: FAIL.
~~~

Wondering what the issue is, I executed the following:

~~~
$ annocheck redhat-linux-build/* 2>/dev/null | grep FAIL | less
Hardened: Context.o: Overall: FAIL (due to MAYB results).
Hardened: libruby-static.a:Context.o: Overall: FAIL (due to MAYB results).
Hardened: libruby.so.3.3.1: FAIL: cf-protection test because .note.gnu.property section did not contain the necessary flags 
Hardened: libruby.so.3.3.1: FAIL: property-note test because a property note was found but it shows that cf-protection is not enabled 
Hardened: libruby.so.3.3.1: Overall: FAIL.
Hardened: miniruby: FAIL: cf-protection test because .note.gnu.property section did not contain the necessary flags 
Hardened: miniruby: FAIL: property-note test because a property note was found but it shows that cf-protection is not enabled 
Hardened: miniruby: Overall: FAIL.
~~~

This suggests that `Context.o` is the culprit. Let's take a detailed look:

~~~
$ annocheck redhat-linux-build/coroutine/amd64/Context.o --verbose
annocheck: Version 12.54.
Hardened: redhat-linux-build/coroutine/amd64/Context.o: info: No matching profile found.
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: pie test because the ELF file header has the correct type 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: gnu-stack test because non-executable .note.GNU-stack section found 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: gaps test because no notes found - therefore there are no gaps! 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: MAYB: test: notes, reason: notes not found and no DWARF info found (could there be a separate debuginfo file ?)
Hardened: redhat-linux-build/coroutine/amd64/Context.o: info: For more information visit: https://sourceware.org/annobin/annobin.html/Test-notes.html
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: bind-now test because only needed for executables 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: branch-protection test because not an AArch64 binary 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: cf-protection test because not an x86_64 executable 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: dynamic-segment test 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: dynamic-tags test because AArch64 specific 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: entry test 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: fast test 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: fips test because not a GO binary 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: fortify test because no compiled C/C++ code found 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: glibcxx-assertions test because no compiled C/C++ code found 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: gnu-relro test because not needed in object files 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: go-revision test because no GO compiled code found 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: implicit-values test because  These tests are only relevent to C source code 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: instrumentation test 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: lto test because not compiled from C/C++ code 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: openssl-engine test 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: MAYB: test: optimization, reason: could not determine how the code was created
Hardened: redhat-linux-build/coroutine/amd64/Context.o: info: For more information visit: https://sourceware.org/annobin/annobin.html/Test-optimization.html
Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: This can happen if the program is compiled from a language unknown to annocheck
Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN:  or because there are no annobin build notes (could they be in a separate file ?)
Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: For more details see https://sourceware.org/annobin/annobin.html/Absence-of-compiled-code.html
Hardened: redhat-linux-build/coroutine/amd64/Context.o: MAYB: test: pic, reason: no valid notes found regarding this test
Hardened: redhat-linux-build/coroutine/amd64/Context.o: info: For more information visit: https://sourceware.org/annobin/annobin.html/Test-pic.html
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: production test 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: property-note test because property notes not needed in object files 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: run-path test 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: rwx-seg test 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: short-enums test 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: MAYB: test: stack-clash, reason: could not determine how the code was created
Hardened: redhat-linux-build/coroutine/amd64/Context.o: info: For more information visit: https://sourceware.org/annobin/annobin.html/Test-stack-clash.html
Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: This can happen if the program is compiled from a language unknown to annocheck
Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN:  or because there are no annobin build notes (could they be in a separate file ?)
Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: For more details see https://sourceware.org/annobin/annobin.html/Absence-of-compiled-code.html
Hardened: redhat-linux-build/coroutine/amd64/Context.o: MAYB: test: stack-prot, reason: could not determine how the code was created
Hardened: redhat-linux-build/coroutine/amd64/Context.o: info: For more information visit: https://sourceware.org/annobin/annobin.html/Test-stack-prot.html
Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: This can happen if the program is compiled from a language unknown to annocheck
Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN:  or because there are no annobin build notes (could they be in a separate file ?)
Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: For more details see https://sourceware.org/annobin/annobin.html/Absence-of-compiled-code.html
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: stack-realign test because not an i686 executable 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: textrel test 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: threads test 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: unicode test 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: warnings test because no compiled C/C++ code found 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: writable-got test 
Hardened: redhat-linux-build/coroutine/amd64/Context.o: Overall: FAIL (due to MAYB results).
~~~

Well, `skip: cf-protection test because not an x86_64 executable` is not really helpful, therefore I have opened a ticket with the annocheck folks [1], where they suggest updating `Context.S` according to the following guidelines:

https://sourceware.org/annobin/annobin.html/Test-cf-protection.html

P.S. With YJIT enabled, there is also an issue with the Rust code, therefore I have tested this with YJIT disabled and without Rust available in the environment.

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=2284605



-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/postorius/lists/ruby-core.ml.ruby-lang.org/
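
An added illustration (not part of the original message, nor Ruby's or annocheck's code) of why a single assembly object can fail the cf-protection test for the whole library: the linker ANDs the `GNU_PROPERTY_X86_FEATURE_1_AND` bits from every input's `.note.gnu.property`, and an input without the note contributes zero. The note bytes are constructed samples in little-endian ELF64 layout, `compiled_c.o` is a hypothetical name, and `Context.o` is modelled as carrying no property note.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
IBT, SHSTK = 0x1, 0x2  # GNU_PROPERTY_X86_FEATURE_1_IBT / _SHSTK

def align8(n):
    return (n + 7) & ~7  # ELF64 pads note fields and properties to 8 bytes

def feature_1_and(section: bytes) -> int:
    """Return the X86_FEATURE_1_AND bits found in raw .note.gnu.property bytes."""
    off, bits = 0, 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        name_off = off + 12
        desc_off = align8(name_off + namesz)
        name = section[name_off:name_off + namesz]
        desc = section[desc_off:desc_off + descsz]
        off = align8(desc_off + descsz)
        if ntype != NT_GNU_PROPERTY_TYPE_0 or name != b"GNU\0":
            continue
        p = 0
        while p + 8 <= len(desc):  # walk the property array
            pr_type, pr_datasz = struct.unpack_from("<II", desc, p)
            if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND
                    and pr_datasz == 4 and p + 12 <= len(desc)):
                bits |= struct.unpack_from("<I", desc, p + 8)[0]
            p = align8(p + 8 + pr_datasz)
    return bits

def linked_features(objects: dict) -> int:
    """Model the link step: AND the bits of every input; no note means 0."""
    result = IBT | SHSTK
    for section in objects.values():
        result &= feature_1_and(section)
    return result

def make_note(bits: int) -> bytes:
    """Build a constructed sample note as emitted for -fcf-protection objects."""
    desc = struct.pack("<III4x", GNU_PROPERTY_X86_FEATURE_1_AND, 4, bits)
    return struct.pack("<III4s", 4, len(desc), NT_GNU_PROPERTY_TYPE_0, b"GNU\0") + desc

# Constructed inputs: compiled_c.o is hypothetical; Context.o is modelled with no note.
OBJECTS = {"compiled_c.o": make_note(IBT | SHSTK), "Context.o": b""}

if __name__ == "__main__":
    print("as built: ", linked_features(OBJECTS))
    fixed = {**OBJECTS, "Context.o": make_note(IBT | SHSTK)}
    print("with note:", linked_features(fixed))
```

Declaring IBT in an assembly file's note is only correct once its indirect-branch targets begin with `endbr64`; the note is a promise about the code, not a switch.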
