1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
|
# http://seclists.org/fulldisclosure/2010/Oct/344
# http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html
2010-10-22 Andreas Schwab <schwab@redhat.com>
* include/dlfcn.h (__RTLD_SECURE): Define.
* elf/dl-load.c (_dl_map_object): Remove preloaded parameter. Use
mode & __RTLD_SECURE instead.
(open_path): Rename preloaded parameter to secure.
* sysdeps/generic/ldsodefs.h (_dl_map_object): Adjust declaration.
* elf/dl-open.c (dl_open_worker): Adjust call to _dl_map_object.
* elf/dl-deps.c (openaux): Likewise.
* elf/rtld.c (struct map_args): Remove is_preloaded.
(map_doit): Don't use it.
(dl_main): Likewise.
(do_preload): Use __RTLD_SECURE instead of is_preloaded.
(dlmopen_doit): Add __RTLD_SECURE to mode bits.
---
elf/dl-deps.c | 2 +-
elf/dl-load.c | 20 +++++++++++---------
elf/dl-open.c | 2 +-
elf/rtld.c | 16 +++++++---------
include/dlfcn.h | 1 +
sysdeps/generic/ldsodefs.h | 6 ++----
6 files changed, 23 insertions(+), 24 deletions(-)
diff --git a/elf/dl-deps.c b/elf/dl-deps.c
index e5b9cdf..1cab2d1 100644
--- a/elf/dl-deps.c
+++ b/elf/dl-deps.c
@@ -62,7 +62,7 @@ openaux (void *a)
{
struct openaux_args *args = (struct openaux_args *) a;
- args->aux = _dl_map_object (args->map, args->name, 0,
+ args->aux = _dl_map_object (args->map, args->name,
(args->map->l_type == lt_executable
? lt_library : args->map->l_type),
args->trace_mode, args->open_mode,
diff --git a/elf/dl-load.c b/elf/dl-load.c
index 776f7e4..9ab3520 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -1808,7 +1808,7 @@ open_verify (const char *name, struct filebuf *fbp, struct link_map *loader,
if MAY_FREE_DIRS is true. */
static int
-open_path (const char *name, size_t namelen, int preloaded,
+open_path (const char *name, size_t namelen, int secure,
struct r_search_path_struct *sps, char **realname,
struct filebuf *fbp, struct link_map *loader, int whatcode,
bool *found_other_class)
@@ -1890,7 +1890,7 @@ open_path (const char *name, size_t namelen, int preloaded,
/* Remember whether we found any existing directory. */
here_any |= this_dir->status[cnt] != nonexisting;
- if (fd != -1 && __builtin_expect (preloaded, 0)
+ if (fd != -1 && __builtin_expect (secure, 0)
&& INTUSE(__libc_enable_secure))
{
/* This is an extra security effort to make sure nobody can
@@ -1959,7 +1959,7 @@ open_path (const char *name, size_t namelen, int preloaded,
struct link_map *
internal_function
-_dl_map_object (struct link_map *loader, const char *name, int preloaded,
+_dl_map_object (struct link_map *loader, const char *name,
int type, int trace_mode, int mode, Lmid_t nsid)
{
int fd;
@@ -2063,7 +2063,8 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
for (l = loader; l; l = l->l_loader)
if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
{
- fd = open_path (name, namelen, preloaded, &l->l_rpath_dirs,
+ fd = open_path (name, namelen, mode & __RTLD_SECURE,
+ &l->l_rpath_dirs,
&realname, &fb, loader, LA_SER_RUNPATH,
&found_other_class);
if (fd != -1)
@@ -2078,14 +2079,15 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
&& main_map != NULL && main_map->l_type != lt_loaded
&& cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
"RPATH"))
- fd = open_path (name, namelen, preloaded, &main_map->l_rpath_dirs,
+ fd = open_path (name, namelen, mode & __RTLD_SECURE,
+ &main_map->l_rpath_dirs,
&realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
&found_other_class);
}
/* Try the LD_LIBRARY_PATH environment variable. */
if (fd == -1 && env_path_list.dirs != (void *) -1)
- fd = open_path (name, namelen, preloaded, &env_path_list,
+ fd = open_path (name, namelen, mode & __RTLD_SECURE, &env_path_list,
&realname, &fb,
loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
LA_SER_LIBPATH, &found_other_class);
@@ -2094,12 +2096,12 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
if (fd == -1 && loader != NULL
&& cache_rpath (loader, &loader->l_runpath_dirs,
DT_RUNPATH, "RUNPATH"))
- fd = open_path (name, namelen, preloaded,
+ fd = open_path (name, namelen, mode & __RTLD_SECURE,
&loader->l_runpath_dirs, &realname, &fb, loader,
LA_SER_RUNPATH, &found_other_class);
if (fd == -1
- && (__builtin_expect (! preloaded, 1)
+ && (__builtin_expect (! (mode & __RTLD_SECURE), 1)
|| ! INTUSE(__libc_enable_secure)))
{
/* Check the list of libraries in the file /etc/ld.so.cache,
@@ -2165,7 +2167,7 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
&& ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
|| __builtin_expect (!(l->l_flags_1 & DF_1_NODEFLIB), 1))
&& rtld_search_dirs.dirs != (void *) -1)
- fd = open_path (name, namelen, preloaded, &rtld_search_dirs,
+ fd = open_path (name, namelen, mode & __RTLD_SECURE, &rtld_search_dirs,
&realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
/* Add another newline when we are tracing the library loading. */
diff --git a/elf/dl-open.c b/elf/dl-open.c
index c394b3f..cf8e8cc 100644
--- a/elf/dl-open.c
+++ b/elf/dl-open.c
@@ -223,7 +223,7 @@ dl_open_worker (void *a)
/* Load the named object. */
struct link_map *new;
- args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0,
+ args->map = new = _dl_map_object (call_map, file, lt_loaded, 0,
mode | __RTLD_CALLMAP, args->nsid);
/* If the pointer returned is NULL this means the RTLD_NOLOAD flag is
diff --git a/elf/rtld.c b/elf/rtld.c
index 201c9cf..4a8cee8 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -587,7 +587,6 @@ struct map_args
/* Argument to map_doit. */
char *str;
struct link_map *loader;
- int is_preloaded;
int mode;
/* Return value of map_doit. */
struct link_map *map;
@@ -625,16 +624,17 @@ static void
map_doit (void *a)
{
struct map_args *args = (struct map_args *) a;
- args->map = _dl_map_object (args->loader, args->str,
- args->is_preloaded, lt_library, 0, args->mode,
- LM_ID_BASE);
+ args->map = _dl_map_object (args->loader, args->str, lt_library, 0,
+ args->mode, LM_ID_BASE);
}
static void
dlmopen_doit (void *a)
{
struct dlmopen_args *args = (struct dlmopen_args *) a;
- args->map = _dl_open (args->fname, RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT,
+ args->map = _dl_open (args->fname,
+ (RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT
+ | __RTLD_SECURE),
dl_main, LM_ID_NEWLM, _dl_argc, INTUSE(_dl_argv),
__environ);
}
@@ -804,8 +804,7 @@ do_preload (char *fname, struct link_map *main_map, const char *where)
args.str = fname;
args.loader = main_map;
- args.is_preloaded = 1;
- args.mode = 0;
+ args.mode = __RTLD_SECURE;
unsigned int old_nloaded = GL(dl_ns)[LM_ID_BASE]._ns_nloaded;
@@ -1050,7 +1049,6 @@ of this helper program; chances are you did not intend to run this program.\n\
args.str = rtld_progname;
args.loader = NULL;
- args.is_preloaded = 0;
args.mode = __RTLD_OPENEXEC;
(void) _dl_catch_error (&objname, &err_str, &malloced, map_doit,
&args);
@@ -1062,7 +1060,7 @@ of this helper program; chances are you did not intend to run this program.\n\
else
{
HP_TIMING_NOW (start);
- _dl_map_object (NULL, rtld_progname, 0, lt_library, 0,
+ _dl_map_object (NULL, rtld_progname, lt_library, 0,
__RTLD_OPENEXEC, LM_ID_BASE);
HP_TIMING_NOW (stop);
diff --git a/include/dlfcn.h b/include/dlfcn.h
index a67426d..af92483 100644
--- a/include/dlfcn.h
+++ b/include/dlfcn.h
@@ -9,6 +9,7 @@
#define __RTLD_OPENEXEC 0x20000000
#define __RTLD_CALLMAP 0x10000000
#define __RTLD_AUDIT 0x08000000
+#define __RTLD_SECURE 0x04000000 /* Apply additional security checks. */
#define __LM_ID_CALLER -2
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
index fcc943b..fa4b6b2 100644
--- a/sysdeps/generic/ldsodefs.h
+++ b/sysdeps/generic/ldsodefs.h
@@ -824,11 +824,9 @@ extern void _dl_receive_error (receiver_fct fct, void (*operate) (void *),
/* Open the shared object NAME and map in its segments.
LOADER's DT_RPATH is used in searching for NAME.
- If the object is already opened, returns its existing map.
- For preloaded shared objects PRELOADED is set to a non-zero
- value to allow additional security checks. */
+ If the object is already opened, returns its existing map. */
extern struct link_map *_dl_map_object (struct link_map *loader,
- const char *name, int preloaded,
+ const char *name,
int type, int trace_mode, int mode,
Lmid_t nsid)
internal_function attribute_hidden;
|
