lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-08-07 06:43:00 +03:00
Code Activity

Don't use INTVARDEF/INTUSE with __libc_enable_secure (bug 14132).

Browse Source 
Continuing the removal of the obsolete INTDEF / INTVARDEF / INTUSE
mechanism, this patch replaces its use for __libc_enable_secure with
the use of rtld_hidden_data_def and rtld_hidden_proto.

Tested for x86_64 that installed stripped shared libraries are
unchanged by the patch.

	[BZ #14132]
	* elf/dl-sysdep.c (__libc_enable_secure): Use rtld_hidden_data_def
	instead of INTVARDEF.
	(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
	* sysdeps/mach/hurd/dl-sysdep.c (__libc_enable_secure): Use
	rtld_hidden_data_def instead of INTVARDEF.
	(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
	* elf/dl-deps.c (expand_dst): Likewise.
	* elf/dl-load.c (_dl_dst_count): Likewise.
	(_dl_dst_substitute): Likewise.
	(decompose_rpath): Likewise.
	(_dl_init_paths): Likewise.
	(open_path): Likewise.
	(_dl_map_object): Likewise.
	* elf/rtld.c (dl_main): Likewise.
	(process_dl_audit): Likewise.
	(process_envvars): Likewise.
	* include/unistd.h [IS_IN_rtld] (__libc_enable_secure_internal):
	Remove declaration.
	(__libc_enable_secure): Use rtld_hidden_proto.
This commit is contained in:
Joseph Myers
2014-10-10 11:13:11 +00:00
parent b8c80a7e0d
commit 6bc6bd3b10
7 changed files with 48 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ChangeLog
View File

@@ -1,3 +1,26 @@
2014-10-10 Joseph Myers <joseph@codesourcery.com>
[BZ #14132]
* elf/dl-sysdep.c (__libc_enable_secure): Use rtld_hidden_data_def
instead of INTVARDEF.
(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
* sysdeps/mach/hurd/dl-sysdep.c (__libc_enable_secure): Use
rtld_hidden_data_def instead of INTVARDEF.
(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
* elf/dl-deps.c (expand_dst): Likewise.
* elf/dl-load.c (_dl_dst_count): Likewise.
(_dl_dst_substitute): Likewise.
(decompose_rpath): Likewise.
(_dl_init_paths): Likewise.
(open_path): Likewise.
(_dl_map_object): Likewise.
* elf/rtld.c (dl_main): Likewise.
(process_dl_audit): Likewise.
(process_envvars): Likewise.
* include/unistd.h [IS_IN_rtld] (__libc_enable_secure_internal):
Remove declaration.
(__libc_enable_secure): Use rtld_hidden_proto.
2014-10-09 Kostya Serebryany <konstantin.s.serebryany@gmail.com> 2014-10-09 Kostya Serebryany <konstantin.s.serebryany@gmail.com>
* elf/dl-load.c * elf/dl-load.c

2
elf/dl-deps.c
View File

@@ -108,7 +108,7 @@ struct list
char *__newp; \ char *__newp; \
\ \
/* DST must not appear in SUID/SGID programs. */ \ /* DST must not appear in SUID/SGID programs. */ \
if (INTUSE(__libc_enable_secure)) \ if (__libc_enable_secure) \
_dl_signal_error (0, __str, NULL, N_("\ _dl_signal_error (0, __str, NULL, N_("\
DST not allowed in SUID/SGID programs")); \ DST not allowed in SUID/SGID programs")); \
\ \

14
elf/dl-load.c
View File

@@ -262,7 +262,7 @@ _dl_dst_count (const char *name, int is_path)
is $ORIGIN alone) and it must always appear first in path. */ is $ORIGIN alone) and it must always appear first in path. */
++name; ++name;
if ((len = is_dst (start, name, "ORIGIN", is_path, if ((len = is_dst (start, name, "ORIGIN", is_path,
INTUSE(__libc_enable_secure))) != 0 __libc_enable_secure)) != 0
|| (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0 || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
|| (len = is_dst (start, name, "LIB", is_path, 0)) != 0) || (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
++cnt; ++cnt;
@@ -298,10 +298,10 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
++name; ++name;
if ((len = is_dst (start, name, "ORIGIN", is_path, if ((len = is_dst (start, name, "ORIGIN", is_path,
INTUSE(__libc_enable_secure))) != 0) __libc_enable_secure)) != 0)
{ {
repl = l->l_origin; repl = l->l_origin;
check_for_trusted = (INTUSE(__libc_enable_secure) check_for_trusted = (__libc_enable_secure
&& l->l_type == lt_executable); && l->l_type == lt_executable);
} }
else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0) else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
@@ -563,7 +563,7 @@ decompose_rpath (struct r_search_path_struct *sps,
/* First see whether we must forget the RUNPATH and RPATH from this /* First see whether we must forget the RUNPATH and RPATH from this
object. */ object. */
if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL) if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL)
&& !INTUSE(__libc_enable_secure)) && !__libc_enable_secure)
{ {
const char *inhp = GLRO(dl_inhibit_rpath); const char *inhp = GLRO(dl_inhibit_rpath);
@@ -828,7 +828,7 @@ _dl_init_paths (const char *llp)
} }
(void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;", (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
INTUSE(__libc_enable_secure), "LD_LIBRARY_PATH", __libc_enable_secure, "LD_LIBRARY_PATH",
NULL, l); NULL, l);
if (env_path_list.dirs[0] == NULL) if (env_path_list.dirs[0] == NULL)
@@ -1842,7 +1842,7 @@ open_path (const char *name, size_t namelen, int mode,
here_any |= this_dir->status[cnt] != nonexisting; here_any |= this_dir->status[cnt] != nonexisting;
if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE) if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE)
&& INTUSE(__libc_enable_secure)) && __libc_enable_secure)
{ {
/* This is an extra security effort to make sure nobody can /* This is an extra security effort to make sure nobody can
preload broken shared objects which are in the trusted preload broken shared objects which are in the trusted
@@ -2054,7 +2054,7 @@ _dl_map_object (struct link_map *loader, const char *name,
#ifdef USE_LDCONFIG #ifdef USE_LDCONFIG
if (fd == -1 if (fd == -1
&& (__glibc_likely ((mode & __RTLD_SECURE) == 0) && (__glibc_likely ((mode & __RTLD_SECURE) == 0)
|| ! INTUSE(__libc_enable_secure)) || ! __libc_enable_secure)
&& __glibc_likely (GLRO(dl_inhibit_cache) == 0)) && __glibc_likely (GLRO(dl_inhibit_cache) == 0))
{ {
/* Check the list of libraries in the file /etc/ld.so.cache, /* Check the list of libraries in the file /etc/ld.so.cache,

8
elf/dl-sysdep.c
View File

@@ -54,7 +54,7 @@ extern void __libc_check_standard_fds (void);
ElfW(Addr) _dl_base_addr; ElfW(Addr) _dl_base_addr;
#endif #endif
int __libc_enable_secure attribute_relro = 0; int __libc_enable_secure attribute_relro = 0;
INTVARDEF(__libc_enable_secure) rtld_hidden_data_def (__libc_enable_secure)
int __libc_multiple_libcs = 0; /* Defining this here avoids the inclusion int __libc_multiple_libcs = 0; /* Defining this here avoids the inclusion
of init-first. */ of init-first. */
/* This variable contains the lowest stack address ever used. */ /* This variable contains the lowest stack address ever used. */
@@ -148,7 +148,7 @@ _dl_sysdep_start (void **start_argptr,
#ifndef HAVE_AUX_SECURE #ifndef HAVE_AUX_SECURE
seen = -1; seen = -1;
#endif #endif
INTUSE(__libc_enable_secure) = av->a_un.a_val; __libc_enable_secure = av->a_un.a_val;
break; break;
case AT_PLATFORM: case AT_PLATFORM:
GLRO(dl_platform) = (void *) av->a_un.a_val; GLRO(dl_platform) = (void *) av->a_un.a_val;
@@ -199,7 +199,7 @@ _dl_sysdep_start (void **start_argptr,
/* If one of the two pairs of IDs does not match this is a setuid /* If one of the two pairs of IDs does not match this is a setuid
or setgid run. */ or setgid run. */
INTUSE(__libc_enable_secure) = uid | gid; __libc_enable_secure = uid | gid;
} }
#endif #endif
@@ -243,7 +243,7 @@ _dl_sysdep_start (void **start_argptr,
/* If this is a SUID program we make sure that FDs 0, 1, and 2 are /* If this is a SUID program we make sure that FDs 0, 1, and 2 are
allocated. If necessary we are doing it ourself. If it is not allocated. If necessary we are doing it ourself. If it is not
possible we stop the program. */ possible we stop the program. */
if (__builtin_expect (INTUSE(__libc_enable_secure), 0)) if (__builtin_expect (__libc_enable_secure, 0))
__libc_check_standard_fds (); __libc_check_standard_fds ();
(*dl_main) (phdr, phnum, &user_entry, GLRO(dl_auxv)); (*dl_main) (phdr, phnum, &user_entry, GLRO(dl_auxv));

18
elf/rtld.c
View File

@@ -1498,7 +1498,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
/* Prevent optimizing strsep. Speed is not important here. */ /* Prevent optimizing strsep. Speed is not important here. */
while ((p = (strsep) (&list, " :")) != NULL) while ((p = (strsep) (&list, " :")) != NULL)
if (p[0] != '\0' if (p[0] != '\0'
&& (__builtin_expect (! INTUSE(__libc_enable_secure), 1) && (__builtin_expect (! __libc_enable_secure, 1)
|| strchr (p, '/') == NULL)) || strchr (p, '/') == NULL))
npreloads += do_preload (p, main_map, "LD_PRELOAD"); npreloads += do_preload (p, main_map, "LD_PRELOAD");
@@ -2318,7 +2318,7 @@ process_dl_audit (char *str)
while ((p = (strsep) (&str, ":")) != NULL) while ((p = (strsep) (&str, ":")) != NULL)
if (p[0] != '\0' if (p[0] != '\0'
&& (__builtin_expect (! INTUSE(__libc_enable_secure), 1) && (__builtin_expect (! __libc_enable_secure, 1)
|| strchr (p, '/') == NULL)) || strchr (p, '/') == NULL))
{ {
/* This is using the local malloc, not the system malloc. The /* This is using the local malloc, not the system malloc. The
@@ -2352,7 +2352,7 @@ process_envvars (enum mode *modep)
/* This is the default place for profiling data file. */ /* This is the default place for profiling data file. */
GLRO(dl_profile_output) GLRO(dl_profile_output)
= &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0]; = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
while ((envline = _dl_next_ld_env_entry (&runp)) != NULL) while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
{ {
@@ -2420,7 +2420,7 @@ process_envvars (enum mode *modep)
case 9: case 9:
/* Test whether we want to see the content of the auxiliary /* Test whether we want to see the content of the auxiliary
array passed up from the kernel. */ array passed up from the kernel. */
if (!INTUSE(__libc_enable_secure) if (!__libc_enable_secure
&& memcmp (envline, "SHOW_AUXV", 9) == 0) && memcmp (envline, "SHOW_AUXV", 9) == 0)
_dl_show_auxv (); _dl_show_auxv ();
break; break;
@@ -2434,7 +2434,7 @@ process_envvars (enum mode *modep)
case 11: case 11:
/* Path where the binary is found. */ /* Path where the binary is found. */
if (!INTUSE(__libc_enable_secure) if (!__libc_enable_secure
&& memcmp (envline, "ORIGIN_PATH", 11) == 0) && memcmp (envline, "ORIGIN_PATH", 11) == 0)
GLRO(dl_origin_path) = &envline[12]; GLRO(dl_origin_path) = &envline[12];
break; break;
@@ -2454,7 +2454,7 @@ process_envvars (enum mode *modep)
break; break;
} }
if (!INTUSE(__libc_enable_secure) if (!__libc_enable_secure
&& memcmp (envline, "DYNAMIC_WEAK", 12) == 0) && memcmp (envline, "DYNAMIC_WEAK", 12) == 0)
GLRO(dl_dynamic_weak) = 1; GLRO(dl_dynamic_weak) = 1;
break; break;
@@ -2465,7 +2465,7 @@ process_envvars (enum mode *modep)
#ifdef EXTRA_LD_ENVVARS_13 #ifdef EXTRA_LD_ENVVARS_13
EXTRA_LD_ENVVARS_13 EXTRA_LD_ENVVARS_13
#endif #endif
if (!INTUSE(__libc_enable_secure) if (!__libc_enable_secure
&& memcmp (envline, "USE_LOAD_BIAS", 13) == 0) && memcmp (envline, "USE_LOAD_BIAS", 13) == 0)
{ {
GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0; GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;
@@ -2478,7 +2478,7 @@ process_envvars (enum mode *modep)
case 14: case 14:
/* Where to place the profiling data file. */ /* Where to place the profiling data file. */
if (!INTUSE(__libc_enable_secure) if (!__libc_enable_secure
&& memcmp (envline, "PROFILE_OUTPUT", 14) == 0 && memcmp (envline, "PROFILE_OUTPUT", 14) == 0
&& envline[15] != '\0') && envline[15] != '\0')
GLRO(dl_profile_output) = &envline[15]; GLRO(dl_profile_output) = &envline[15];
@@ -2516,7 +2516,7 @@ process_envvars (enum mode *modep)
/* Extra security for SUID binaries. Remove all dangerous environment /* Extra security for SUID binaries. Remove all dangerous environment
variables. */ variables. */
if (__builtin_expect (INTUSE(__libc_enable_secure), 0)) if (__builtin_expect (__libc_enable_secure, 0))
{ {
static const char unsecure_envvars[] = static const char unsecure_envvars[] =
#ifdef EXTRA_UNSECURE_ENVVARS #ifdef EXTRA_UNSECURE_ENVVARS

5
include/unistd.h
View File

@@ -151,10 +151,7 @@ libc_hidden_proto (__sbrk)
environment variables that normally affect them. */ environment variables that normally affect them. */
extern int __libc_enable_secure attribute_relro; extern int __libc_enable_secure attribute_relro;
extern int __libc_enable_secure_decided; extern int __libc_enable_secure_decided;
#ifdef IS_IN_rtld rtld_hidden_proto (__libc_enable_secure)
/* XXX The #ifdef should go. */
extern int __libc_enable_secure_internal attribute_relro attribute_hidden;
#endif
/* Various internal function. */ /* Various internal function. */

6
sysdeps/mach/hurd/dl-sysdep.c
View File

@@ -51,7 +51,7 @@ extern char **_dl_argv;
extern char **_environ; extern char **_environ;
int __libc_enable_secure = 0; int __libc_enable_secure = 0;
INTVARDEF(__libc_enable_secure) rtld_hidden_data_def (__libc_enable_secure)
int __libc_multiple_libcs = 0; /* Defining this here avoids the inclusion int __libc_multiple_libcs = 0; /* Defining this here avoids the inclusion
of init-first. */ of init-first. */
/* This variable contains the lowest stack address ever used. */ /* This variable contains the lowest stack address ever used. */
@@ -140,7 +140,7 @@ _dl_sysdep_start (void **start_argptr,
else else
_dl_hurd_data = (void *) p; _dl_hurd_data = (void *) p;
INTUSE(__libc_enable_secure) = _dl_hurd_data->flags & EXEC_SECURE; __libc_enable_secure = _dl_hurd_data->flags & EXEC_SECURE;
if (_dl_hurd_data->flags & EXEC_STACK_ARGS && if (_dl_hurd_data->flags & EXEC_STACK_ARGS &&
_dl_hurd_data->user_entry == 0) _dl_hurd_data->user_entry == 0)
@@ -220,7 +220,7 @@ unfmh(); /* XXX */
environment list. environment list.
We use memmove, since the locations might overlap. */ We use memmove, since the locations might overlap. */
if (INTUSE(__libc_enable_secure) || _dl_skip_args) if (__libc_enable_secure || _dl_skip_args)
{ {
char **newp; char **newp;