[LTP] [PATCH] Add setsockopt10 TLS ULP UAF CVE-2023-0461

Petr Vorel pvorel@suse.cz
Mon Oct 16 21:57:08 CEST 2023


Hi Richie,

> Hello,

> Petr Vorel <pvorel@suse.cz> writes:

> > Hi Richie, Cyril,

> >> >> On NixOS:

> >> >> $ ./setsockopt10
> >> >> tst_kconfig.c:87: TINFO: Parsing kernel config '/proc/config.gz'
> >> >> tst_kernel.c:110: TWARN: expected file /lib/modules/6.5.5/modules.dep does not exist or not a file
> >> >> tst_kernel.c:110: TWARN: expected file /lib/modules/6.5.5/modules.builtin does not exist or not a file

> > For my info: this comes from Cyril's suggestion to use .needs_drivers.

> >> > Can you strace modprobe to see what is different on the system, these
> >> > files have to be installed somewhere in order for modprobe to actually
> >> > work...

> >> They will be in /nix/store/<kernel package hash>/.../modules or similar.
> >> I can probably make it work on NixOS by creating a nix file, but I think
> >> there is a bigger issue.

> > "NixOS is a Linux distribution built on top of the Nix package manager." [1]

> > I have no idea why a Linux distro needs a non-standard patch. IMHO we can take a patch
> > which detects NixOS and uses its path, but for the distro itself it would be better
> > if it had at least a symlink to the standard path (i.e. it'd be worth reporting
> > it).

> Only if you can point to a specification and NixOS accepts that spec. If
> it is not in POSIX then it is unlikely to get through. There is not even
> a /lib in NixOS. Any absolute paths interfere with reproducibility,
> isolation and such. To see how such a discussion is likely to go see this
> thread on /bin/bash:
> https://discourse.nixos.org/t/add-bin-bash-to-avoid-unnecessary-pain/5673

Lol, missing /bin/bash, that's serious, at least they have /bin/sh :).

> OTOH all we need is a Nix file which creates the symlinks (or patches
> LTP) and specifies the LTPs deps to create a reproducible build of LTP
> in Nix. At some point I'll add it to CI.

I'm open to any solution - a different path for NixOS or an environment variable,
which could be used for NixOS (and maybe hopefully for other use cases).
Please send a patch, whatever looks best to you.

> However this doesn't help other distros or embedded systems that we
> don't personally use.


> > As Cyril noted we have .needs_drivers, but that also requires config files in
> > /lib/modules. But setsockopt10 could also benefit from .modprobe patchset [2],
> > particularly [3]. i.e. instead of asking for CONFIG_TLS "modprobe tls" could
> > work. But currently we also expect modules.builtin is in /lib/modules. We could
> > rethink that (e.g. introduce a variable which ignores the check, or allows passing
> > the correct prefix of the directory, or remove
> > tst_check_builtin_driver(name), which is based on parsing modules.builtin).

> > But for broader discussion please comment on the patchset itself.

> > And now something completely different: root vs. normal user:
> > $ find /lib/modules/$(uname -r) |grep tls
> > ...
> > /lib/modules/6.5.0-1-amd64/kernel/net/tls/tls.ko

> > But this does not work, when run as user:
> > $ ./setsockopt10
> > ...
> > setsockopt10.c:96: TINFO: child: Listen for tcp1 connection
> > setsockopt10.c:133: TINFO: parent: Connect for tcp0 connection
> > setsockopt10.c:138: TCONF: parent: setsockopt failed: The TLS module is probably not loaded: ENOENT (2)
> > tst_test.c:1622: TINFO: Killed the leftover descendant processes

> > Maybe that has been discussed, but I'd really request the root, because it works
> > with it:

> Yes, I did say why I don't want to require root in the previous
> message. However I'll take this to the patchset thread you posted.

Ah right, thanks for info. +1 for keeping the discussion there.

Kind regards,
Petr

> > # ./setsockopt10
> > ...
> > setsockopt10.c:145: TINFO: parent: Disconnect by setting unspec address
> > setsockopt10.c:153: TPASS: parent: Can't listen on disconnected TLS socket: EINVAL (22)
> > setsockopt10.c:110: TINFO: child: connect for tcp2 connection
> > setsockopt10.c:114: TINFO: child: could not connect to tcp1: ECONNREFUSED (111)

> > Kind regards,
> > Petr

> > [1] https://en.wikipedia.org/wiki/NixOS
> > [2] https://patchwork.ozlabs.org/project/ltp/list/?series=377451&state=*
> > [3] https://patchwork.ozlabs.org/project/ltp/patch/20231013074748.702214-3-pvorel@suse.cz/
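
The driver check discussed in this thread depends on `modules.builtin` and `modules.dep` being present under `/lib/modules/$(uname -r)`. As an added example (not part of the original messages and not LTP's code), the shell function below performs that lookup against an overridable directory and reports a missing index separately from an absent driver; the `MODULES_DIR` variable and both function names are hypothetical.

```shell
#!/bin/sh
# Added example, not LTP code. MODULES_DIR is a hypothetical override for
# systems (such as NixOS) that keep kernel modules outside /lib/modules.

# Print the directory holding modules.builtin and modules.dep.
modules_dir() {
    printf '%s\n' "${MODULES_DIR:-/lib/modules/$(uname -r)}"
}

# driver_status NAME [DIR]
# Prints one of: builtin, module, absent, missing-index.
# Returns 0 when the driver is available, 1 when absent, 2 when neither
# index file exists (the TWARN case in the thread: no verdict possible).
driver_status() {
    # modprobe treats '-' and '_' in module names as equivalent.
    name=$(printf '%s' "$1" | tr '-' '_')
    dir=${2:-$(modules_dir)}

    if [ ! -f "$dir/modules.builtin" ] && [ ! -f "$dir/modules.dep" ]; then
        echo missing-index
        return 2
    fi
    # modules.builtin: one path per line, e.g. kernel/net/tls/tls.ko
    if [ -f "$dir/modules.builtin" ] &&
       tr '-' '_' < "$dir/modules.builtin" | grep -Eq "(^|/)$name\.ko$"; then
        echo builtin
        return 0
    fi
    # modules.dep: "path/to/name.ko[.gz|.xz|.zst]: dependencies..."
    if [ -f "$dir/modules.dep" ] &&
       cut -d: -f1 "$dir/modules.dep" | tr '-' '_' |
       grep -Eq "(^|/)$name\.ko(\.(gz|xz|zst))?$"; then
        echo module
        return 0
    fi
    echo absent
    return 1
}
```

Keeping `missing-index` distinct from `absent` lets a caller tell "the tls driver is not available" apart from "this system's module index could not be found", which matters when a skipped CVE regression test would otherwise look like a clean run.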

