Don't use INTVARDEF/INTUSE with __libc_enable_secure (bug 14132).

Continuing the removal of the obsolete INTDEF / INTVARDEF / INTUSE
mechanism, this patch replaces its use for __libc_enable_secure with
the use of rtld_hidden_data_def and rtld_hidden_proto.

Tested for x86_64 that installed stripped shared libraries are
unchanged by the patch.

	[BZ #14132]
	* elf/dl-sysdep.c (__libc_enable_secure): Use rtld_hidden_data_def
	instead of INTVARDEF.
	(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
	* sysdeps/mach/hurd/dl-sysdep.c (__libc_enable_secure): Use
	rtld_hidden_data_def instead of INTVARDEF.
	(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
	* elf/dl-deps.c (expand_dst): Likewise.
	* elf/dl-load.c (_dl_dst_count): Likewise.
	(_dl_dst_substitute): Likewise.
	(decompose_rpath): Likewise.
	(_dl_init_paths): Likewise.
	(open_path): Likewise.
	(_dl_map_object): Likewise.
	* elf/rtld.c (dl_main): Likewise.
	(process_dl_audit): Likewise.
	(process_envvars): Likewise.
	* include/unistd.h [IS_IN_rtld] (__libc_enable_secure_internal):
	Remove declaration.
	(__libc_enable_secure): Use rtld_hidden_proto.
This commit is contained in:
Joseph Myers 2014-10-10 11:13:11 +00:00
parent b8c80a7e0d
commit 6bc6bd3b10
7 changed files with 48 additions and 28 deletions

View File

@ -1,3 +1,26 @@
2014-10-10 Joseph Myers <joseph@codesourcery.com>
[BZ #14132]
* elf/dl-sysdep.c (__libc_enable_secure): Use rtld_hidden_data_def
instead of INTVARDEF.
(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
* sysdeps/mach/hurd/dl-sysdep.c (__libc_enable_secure): Use
rtld_hidden_data_def instead of INTVARDEF.
(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
* elf/dl-deps.c (expand_dst): Likewise.
* elf/dl-load.c (_dl_dst_count): Likewise.
(_dl_dst_substitute): Likewise.
(decompose_rpath): Likewise.
(_dl_init_paths): Likewise.
(open_path): Likewise.
(_dl_map_object): Likewise.
* elf/rtld.c (dl_main): Likewise.
(process_dl_audit): Likewise.
(process_envvars): Likewise.
* include/unistd.h [IS_IN_rtld] (__libc_enable_secure_internal):
Remove declaration.
(__libc_enable_secure): Use rtld_hidden_proto.
2014-10-09 Kostya Serebryany <konstantin.s.serebryany@gmail.com>
* elf/dl-load.c

View File

@ -108,7 +108,7 @@ struct list
char *__newp; \
\
/* DST must not appear in SUID/SGID programs. */ \
if (INTUSE(__libc_enable_secure)) \
if (__libc_enable_secure) \
_dl_signal_error (0, __str, NULL, N_("\
DST not allowed in SUID/SGID programs")); \
\

View File

@ -262,7 +262,7 @@ _dl_dst_count (const char *name, int is_path)
is $ORIGIN alone) and it must always appear first in path. */
++name;
if ((len = is_dst (start, name, "ORIGIN", is_path,
INTUSE(__libc_enable_secure))) != 0
__libc_enable_secure)) != 0
|| (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
|| (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
++cnt;
@ -298,10 +298,10 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
++name;
if ((len = is_dst (start, name, "ORIGIN", is_path,
INTUSE(__libc_enable_secure))) != 0)
__libc_enable_secure)) != 0)
{
repl = l->l_origin;
check_for_trusted = (INTUSE(__libc_enable_secure)
check_for_trusted = (__libc_enable_secure
&& l->l_type == lt_executable);
}
else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
@ -563,7 +563,7 @@ decompose_rpath (struct r_search_path_struct *sps,
/* First see whether we must forget the RUNPATH and RPATH from this
object. */
if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL)
&& !INTUSE(__libc_enable_secure))
&& !__libc_enable_secure)
{
const char *inhp = GLRO(dl_inhibit_rpath);
@ -828,7 +828,7 @@ _dl_init_paths (const char *llp)
}
(void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
INTUSE(__libc_enable_secure), "LD_LIBRARY_PATH",
__libc_enable_secure, "LD_LIBRARY_PATH",
NULL, l);
if (env_path_list.dirs[0] == NULL)
@ -1842,7 +1842,7 @@ open_path (const char *name, size_t namelen, int mode,
here_any |= this_dir->status[cnt] != nonexisting;
if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE)
&& INTUSE(__libc_enable_secure))
&& __libc_enable_secure)
{
/* This is an extra security effort to make sure nobody can
preload broken shared objects which are in the trusted
@ -2054,7 +2054,7 @@ _dl_map_object (struct link_map *loader, const char *name,
#ifdef USE_LDCONFIG
if (fd == -1
&& (__glibc_likely ((mode & __RTLD_SECURE) == 0)
|| ! INTUSE(__libc_enable_secure))
|| ! __libc_enable_secure)
&& __glibc_likely (GLRO(dl_inhibit_cache) == 0))
{
/* Check the list of libraries in the file /etc/ld.so.cache,

View File

@ -54,7 +54,7 @@ extern void __libc_check_standard_fds (void);
ElfW(Addr) _dl_base_addr;
#endif
int __libc_enable_secure attribute_relro = 0;
INTVARDEF(__libc_enable_secure)
rtld_hidden_data_def (__libc_enable_secure)
int __libc_multiple_libcs = 0; /* Defining this here avoids the inclusion
of init-first. */
/* This variable contains the lowest stack address ever used. */
@ -148,7 +148,7 @@ _dl_sysdep_start (void **start_argptr,
#ifndef HAVE_AUX_SECURE
seen = -1;
#endif
INTUSE(__libc_enable_secure) = av->a_un.a_val;
__libc_enable_secure = av->a_un.a_val;
break;
case AT_PLATFORM:
GLRO(dl_platform) = (void *) av->a_un.a_val;
@ -199,7 +199,7 @@ _dl_sysdep_start (void **start_argptr,
/* If one of the two pairs of IDs does not match this is a setuid
or setgid run. */
INTUSE(__libc_enable_secure) = uid | gid;
__libc_enable_secure = uid | gid;
}
#endif
@ -243,7 +243,7 @@ _dl_sysdep_start (void **start_argptr,
/* If this is a SUID program we make sure that FDs 0, 1, and 2 are
allocated. If necessary we are doing it ourself. If it is not
possible we stop the program. */
if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
if (__builtin_expect (__libc_enable_secure, 0))
__libc_check_standard_fds ();
(*dl_main) (phdr, phnum, &user_entry, GLRO(dl_auxv));

View File

@ -1498,7 +1498,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
/* Prevent optimizing strsep. Speed is not important here. */
while ((p = (strsep) (&list, " :")) != NULL)
if (p[0] != '\0'
&& (__builtin_expect (! INTUSE(__libc_enable_secure), 1)
&& (__builtin_expect (! __libc_enable_secure, 1)
|| strchr (p, '/') == NULL))
npreloads += do_preload (p, main_map, "LD_PRELOAD");
@ -2318,7 +2318,7 @@ process_dl_audit (char *str)
while ((p = (strsep) (&str, ":")) != NULL)
if (p[0] != '\0'
&& (__builtin_expect (! INTUSE(__libc_enable_secure), 1)
&& (__builtin_expect (! __libc_enable_secure, 1)
|| strchr (p, '/') == NULL))
{
/* This is using the local malloc, not the system malloc. The
@ -2352,7 +2352,7 @@ process_envvars (enum mode *modep)
/* This is the default place for profiling data file. */
GLRO(dl_profile_output)
= &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0];
= &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
{
@ -2420,7 +2420,7 @@ process_envvars (enum mode *modep)
case 9:
/* Test whether we want to see the content of the auxiliary
array passed up from the kernel. */
if (!INTUSE(__libc_enable_secure)
if (!__libc_enable_secure
&& memcmp (envline, "SHOW_AUXV", 9) == 0)
_dl_show_auxv ();
break;
@ -2434,7 +2434,7 @@ process_envvars (enum mode *modep)
case 11:
/* Path where the binary is found. */
if (!INTUSE(__libc_enable_secure)
if (!__libc_enable_secure
&& memcmp (envline, "ORIGIN_PATH", 11) == 0)
GLRO(dl_origin_path) = &envline[12];
break;
@ -2454,7 +2454,7 @@ process_envvars (enum mode *modep)
break;
}
if (!INTUSE(__libc_enable_secure)
if (!__libc_enable_secure
&& memcmp (envline, "DYNAMIC_WEAK", 12) == 0)
GLRO(dl_dynamic_weak) = 1;
break;
@ -2465,7 +2465,7 @@ process_envvars (enum mode *modep)
#ifdef EXTRA_LD_ENVVARS_13
EXTRA_LD_ENVVARS_13
#endif
if (!INTUSE(__libc_enable_secure)
if (!__libc_enable_secure
&& memcmp (envline, "USE_LOAD_BIAS", 13) == 0)
{
GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;
@ -2478,7 +2478,7 @@ process_envvars (enum mode *modep)
case 14:
/* Where to place the profiling data file. */
if (!INTUSE(__libc_enable_secure)
if (!__libc_enable_secure
&& memcmp (envline, "PROFILE_OUTPUT", 14) == 0
&& envline[15] != '\0')
GLRO(dl_profile_output) = &envline[15];
@ -2516,7 +2516,7 @@ process_envvars (enum mode *modep)
/* Extra security for SUID binaries. Remove all dangerous environment
variables. */
if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
if (__builtin_expect (__libc_enable_secure, 0))
{
static const char unsecure_envvars[] =
#ifdef EXTRA_UNSECURE_ENVVARS

View File

@ -151,10 +151,7 @@ libc_hidden_proto (__sbrk)
environment variables that normally affect them. */
extern int __libc_enable_secure attribute_relro;
extern int __libc_enable_secure_decided;
#ifdef IS_IN_rtld
/* XXX The #ifdef should go. */
extern int __libc_enable_secure_internal attribute_relro attribute_hidden;
#endif
rtld_hidden_proto (__libc_enable_secure)
/* Various internal function. */

View File

@ -51,7 +51,7 @@ extern char **_dl_argv;
extern char **_environ;
int __libc_enable_secure = 0;
INTVARDEF(__libc_enable_secure)
rtld_hidden_data_def (__libc_enable_secure)
int __libc_multiple_libcs = 0; /* Defining this here avoids the inclusion
of init-first. */
/* This variable contains the lowest stack address ever used. */
@ -140,7 +140,7 @@ _dl_sysdep_start (void **start_argptr,
else
_dl_hurd_data = (void *) p;
INTUSE(__libc_enable_secure) = _dl_hurd_data->flags & EXEC_SECURE;
__libc_enable_secure = _dl_hurd_data->flags & EXEC_SECURE;
if (_dl_hurd_data->flags & EXEC_STACK_ARGS &&
_dl_hurd_data->user_entry == 0)
@ -220,7 +220,7 @@ unfmh(); /* XXX */
environment list.
We use memmove, since the locations might overlap. */
if (INTUSE(__libc_enable_secure) || _dl_skip_args)
if (__libc_enable_secure || _dl_skip_args)
{
char **newp;