mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-21 12:30:06 +00:00
elf: Implement DT_AUDIT, DT_DEPAUDIT support [BZ #24943]
binutils ld has supported --audit, --depaudit for a long time, only support in glibc has been missing. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
This commit is contained in:
parent
4c6e0415ef
commit
8f7a75d700
5
NEWS
5
NEWS
@ -11,6 +11,9 @@ Major new features:
|
||||
|
||||
* New locale added: ckb_IQ (Kurdish/Sorani spoken in Iraq)
|
||||
|
||||
* The GNU C Library now loads audit modules listed in the DT_AUDIT and
|
||||
DT_DEPAUDIT dynamic section entries of the main executable.
|
||||
|
||||
Deprecated and removed features, and other changes affecting compatibility:
|
||||
|
||||
[Add deprecations, removals and changes affecting compatibility here]
|
||||
@ -3815,7 +3818,7 @@ Version 2.16
|
||||
* Support for the x32 ABI on x86-64 added. The x32 target is selected by
|
||||
configuring glibc with:
|
||||
BUILD_CC='gcc' CC='gcc -mx32' CXX='g++ -mx32'
|
||||
Visit <http://sites.google.com/site/x32abi/> for more x32 ABI info.
|
||||
Visit <https://sites.google.com/site/x32abi/> for more x32 ABI info.
|
||||
Implemented by H.J. Lu.
|
||||
|
||||
* ISO C11 support:
|
||||
|
22
elf/Makefile
22
elf/Makefile
@ -202,7 +202,8 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \
|
||||
tst-sonamemove-link tst-sonamemove-dlopen tst-dlopen-tlsmodid \
|
||||
tst-dlopen-self tst-auditmany tst-initfinilazyfail tst-dlopenfail \
|
||||
tst-dlopenfail-2 \
|
||||
tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen
|
||||
tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen \
|
||||
tst-audit14 tst-audit15 tst-audit16
|
||||
# reldep9
|
||||
tests-internal += loadtest unload unload2 circleload1 \
|
||||
neededtest neededtest2 neededtest3 neededtest4 \
|
||||
@ -314,7 +315,8 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
|
||||
tst-initlazyfailmod tst-finilazyfailmod \
|
||||
tst-dlopenfailmod1 tst-dlopenfaillinkmod tst-dlopenfailmod2 \
|
||||
tst-dlopenfailmod3 tst-ldconfig-ld-mod \
|
||||
tst-filterobj-flt tst-filterobj-aux tst-filterobj-filtee
|
||||
tst-filterobj-flt tst-filterobj-aux tst-filterobj-filtee \
|
||||
tst-auditlogmod-1 tst-auditlogmod-2 tst-auditlogmod-3
|
||||
# Most modules build with _ISOMAC defined, but those filtered out
|
||||
# depend on internal headers.
|
||||
modules-names-tests = $(filter-out ifuncmod% tst-libc_dlvsym-dso tst-tlsmod%,\
|
||||
@ -1498,6 +1500,22 @@ $(objpfx)tst-auditmany.out: $(objpfx)tst-auditmanymod1.so \
|
||||
tst-auditmany-ENV = \
|
||||
LD_AUDIT=tst-auditmanymod1.so:tst-auditmanymod2.so:tst-auditmanymod3.so:tst-auditmanymod4.so:tst-auditmanymod5.so:tst-auditmanymod6.so:tst-auditmanymod7.so:tst-auditmanymod8.so:tst-auditmanymod9.so
|
||||
|
||||
LDFLAGS-tst-audit14 = -Wl,--audit=tst-auditlogmod-1.so
|
||||
$(objpfx)tst-auditlogmod-1.so: $(libsupport)
|
||||
$(objpfx)tst-audit14.out: $(objpfx)tst-auditlogmod-1.so
|
||||
LDFLAGS-tst-audit15 = \
|
||||
-Wl,--audit=tst-auditlogmod-1.so,--depaudit=tst-auditlogmod-2.so
|
||||
$(objpfx)tst-auditlogmod-2.so: $(libsupport)
|
||||
$(objpfx)tst-audit15.out: \
|
||||
$(objpfx)tst-auditlogmod-1.so $(objpfx)tst-auditlogmod-2.so
|
||||
LDFLAGS-tst-audit16 = \
|
||||
-Wl,--audit=tst-auditlogmod-1.so:tst-auditlogmod-2.so \
|
||||
-Wl,--depaudit=tst-auditlogmod-3.so
|
||||
$(objpfx)tst-auditlogmod-3.so: $(libsupport)
|
||||
$(objpfx)tst-audit16.out: \
|
||||
$(objpfx)tst-auditlogmod-1.so $(objpfx)tst-auditlogmod-2.so \
|
||||
$(objpfx)tst-auditlogmod-3.so
|
||||
|
||||
# tst-sonamemove links against an older implementation of the library.
|
||||
LDFLAGS-tst-sonamemove-linkmod1.so = \
|
||||
-Wl,--version-script=tst-sonamemove-linkmod1.map \
|
||||
|
23
elf/rtld.c
23
elf/rtld.c
@ -153,9 +153,17 @@ static void audit_list_init (struct audit_list *);
|
||||
not be called after audit_list_next. */
|
||||
static void audit_list_add_string (struct audit_list *, const char *);
|
||||
|
||||
/* Add the audit strings from the link map, found in the dynamic
|
||||
segment at TG (either DT_AUDIT and DT_DEPAUDIT). Must be called
|
||||
before audit_list_next. */
|
||||
static void audit_list_add_dynamic_tag (struct audit_list *,
|
||||
struct link_map *,
|
||||
unsigned int tag);
|
||||
|
||||
/* Extract the next audit module from the audit list. Only modules
|
||||
for which dso_name_valid_for_suid is true are returned. Must be
|
||||
called after all the audit_list_add_string calls. */
|
||||
called after all the audit_list_add_string,
|
||||
audit_list_add_dynamic_tags calls. */
|
||||
static const char *audit_list_next (struct audit_list *);
|
||||
|
||||
/* This is a list of all the modes the dynamic loader can be in. */
|
||||
@ -235,6 +243,16 @@ audit_list_add_string (struct audit_list *list, const char *string)
|
||||
list->current_tail = string;
|
||||
}
|
||||
|
||||
static void
|
||||
audit_list_add_dynamic_tag (struct audit_list *list, struct link_map *main_map,
|
||||
unsigned int tag)
|
||||
{
|
||||
ElfW(Dyn) *info = main_map->l_info[ADDRIDX (tag)];
|
||||
const char *strtab = (const char *) D_PTR (main_map, l_info[DT_STRTAB]);
|
||||
if (info != NULL)
|
||||
audit_list_add_string (list, strtab + info->d_un.d_val);
|
||||
}
|
||||
|
||||
static const char *
|
||||
audit_list_next (struct audit_list *list)
|
||||
{
|
||||
@ -1637,6 +1655,9 @@ ERROR: '%s': cannot process note segment.\n", _dl_argv[0]);
|
||||
/* Assign a module ID. Do this before loading any audit modules. */
|
||||
GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
|
||||
|
||||
audit_list_add_dynamic_tag (&audit_list, main_map, DT_AUDIT);
|
||||
audit_list_add_dynamic_tag (&audit_list, main_map, DT_DEPAUDIT);
|
||||
|
||||
/* If we have auditing DSOs to load, do it now. */
|
||||
bool need_security_init = true;
|
||||
if (audit_list.length > 0)
|
||||
|
46
elf/tst-audit14.c
Normal file
46
elf/tst-audit14.c
Normal file
@ -0,0 +1,46 @@
|
||||
/* Main program with DT_AUDIT. One audit module.
|
||||
Copyright (C) 2020 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, see
|
||||
<https://www.gnu.org/licenses/>. */
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <support/check.h>
|
||||
#include <support/xstdio.h>
|
||||
|
||||
static int
|
||||
do_test (void)
|
||||
{
|
||||
/* Verify what the audit module has written. This test assumes that
|
||||
standard output has been redirected to a regular file. */
|
||||
FILE *fp = xfopen ("/dev/stdout", "r");
|
||||
|
||||
char *buffer = NULL;
|
||||
size_t buffer_length = 0;
|
||||
size_t line_length = xgetline (&buffer, &buffer_length, fp);
|
||||
const char *message = "info: tst-auditlogmod-1.so loaded\n";
|
||||
TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
|
||||
|
||||
/* No more audit module output. */
|
||||
line_length = xgetline (&buffer, &buffer_length, fp);
|
||||
TEST_COMPARE_BLOB ("", 0, buffer, line_length);
|
||||
|
||||
free (buffer);
|
||||
xfclose (fp);
|
||||
return 0;
|
||||
}
|
||||
|
||||
#include <support/test-driver.c>
|
50
elf/tst-audit15.c
Normal file
50
elf/tst-audit15.c
Normal file
@ -0,0 +1,50 @@
|
||||
/* Main program with DT_AUDIT and DT_DEPAUDIT. Two audit modules.
|
||||
Copyright (C) 2020 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, see
|
||||
<https://www.gnu.org/licenses/>. */
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <support/check.h>
|
||||
#include <support/xstdio.h>
|
||||
|
||||
static int
|
||||
do_test (void)
|
||||
{
|
||||
/* Verify what the audit modules have written. This test assumes
|
||||
that standard output has been redirected to a regular file. */
|
||||
FILE *fp = xfopen ("/dev/stdout", "r");
|
||||
|
||||
char *buffer = NULL;
|
||||
size_t buffer_length = 0;
|
||||
size_t line_length = xgetline (&buffer, &buffer_length, fp);
|
||||
const char *message = "info: tst-auditlogmod-1.so loaded\n";
|
||||
TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
|
||||
|
||||
line_length = xgetline (&buffer, &buffer_length, fp);
|
||||
message = "info: tst-auditlogmod-2.so loaded\n";
|
||||
TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
|
||||
|
||||
/* No more audit module output. */
|
||||
line_length = xgetline (&buffer, &buffer_length, fp);
|
||||
TEST_COMPARE_BLOB ("", 0, buffer, line_length);
|
||||
|
||||
free (buffer);
|
||||
xfclose (fp);
|
||||
return 0;
|
||||
}
|
||||
|
||||
#include <support/test-driver.c>
|
54
elf/tst-audit16.c
Normal file
54
elf/tst-audit16.c
Normal file
@ -0,0 +1,54 @@
|
||||
/* Main program with DT_AUDIT and DT_DEPAUDIT. Three audit modules.
|
||||
Copyright (C) 2020 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, see
|
||||
<https://www.gnu.org/licenses/>. */
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <support/check.h>
|
||||
#include <support/xstdio.h>
|
||||
|
||||
static int
|
||||
do_test (void)
|
||||
{
|
||||
/* Verify what the audit modules have written. This test assumes
|
||||
that standard output has been redirected to a regular file. */
|
||||
FILE *fp = xfopen ("/dev/stdout", "r");
|
||||
|
||||
char *buffer = NULL;
|
||||
size_t buffer_length = 0;
|
||||
size_t line_length = xgetline (&buffer, &buffer_length, fp);
|
||||
const char *message = "info: tst-auditlogmod-1.so loaded\n";
|
||||
TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
|
||||
|
||||
line_length = xgetline (&buffer, &buffer_length, fp);
|
||||
message = "info: tst-auditlogmod-2.so loaded\n";
|
||||
TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
|
||||
|
||||
line_length = xgetline (&buffer, &buffer_length, fp);
|
||||
message = "info: tst-auditlogmod-3.so loaded\n";
|
||||
TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
|
||||
|
||||
/* No more audit module output. */
|
||||
line_length = xgetline (&buffer, &buffer_length, fp);
|
||||
TEST_COMPARE_BLOB ("", 0, buffer, line_length);
|
||||
|
||||
free (buffer);
|
||||
xfclose (fp);
|
||||
return 0;
|
||||
}
|
||||
|
||||
#include <support/test-driver.c>
|
27
elf/tst-auditlogmod-1.c
Normal file
27
elf/tst-auditlogmod-1.c
Normal file
@ -0,0 +1,27 @@
|
||||
/* Audit module which logs that it was loaded. Variant 1.
|
||||
Copyright (C) 2020 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, see
|
||||
<https://www.gnu.org/licenses/>. */
|
||||
|
||||
#include <link.h>
|
||||
#include <support/support.h>
|
||||
|
||||
unsigned int
|
||||
la_version (unsigned int v)
|
||||
{
|
||||
write_message ("info: tst-auditlogmod-1.so loaded\n");
|
||||
return LAV_CURRENT;
|
||||
}
|
27
elf/tst-auditlogmod-2.c
Normal file
27
elf/tst-auditlogmod-2.c
Normal file
@ -0,0 +1,27 @@
|
||||
/* Audit module which logs that it was loaded. Variant 2.
|
||||
Copyright (C) 2020 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, see
|
||||
<https://www.gnu.org/licenses/>. */
|
||||
|
||||
#include <link.h>
|
||||
#include <support/support.h>
|
||||
|
||||
unsigned int
|
||||
la_version (unsigned int v)
|
||||
{
|
||||
write_message ("info: tst-auditlogmod-2.so loaded\n");
|
||||
return LAV_CURRENT;
|
||||
}
|
27
elf/tst-auditlogmod-3.c
Normal file
27
elf/tst-auditlogmod-3.c
Normal file
@ -0,0 +1,27 @@
|
||||
/* Audit module which logs that it was loaded. Variant 3.
|
||||
Copyright (C) 2020 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, see
|
||||
<https://www.gnu.org/licenses/>. */
|
||||
|
||||
#include <link.h>
|
||||
#include <support/support.h>
|
||||
|
||||
unsigned int
|
||||
la_version (unsigned int v)
|
||||
{
|
||||
write_message ("info: tst-auditlogmod-3.so loaded\n");
|
||||
return LAV_CURRENT;
|
||||
}
|
Loading…
Reference in New Issue
Block a user