If the process is in a bad state, we used to print backtraces in
many cases. This is problematic because doing so could involve
a lot of work, like loading libgcc_s using the dynamic linker,
and this could itself be targeted by exploit writers. For example,
if the crashing process was forked from a long-lived process, the
addresses in the error message could be used to bypass ASLR.
Since commit ed421fca42 ("Avoid backtrace from
__stack_chk_fail [BZ #12189]"), backtraces were no longer printed
because backtrace_and_maps was always called with do_abort == 1.
Rather than fixing this logic error, this change removes the backtrace
functionality from the sources. With the prevalence of external crash
handlers, it does not appear to be particularly useful. The crash
handler may also destroy useful information for debugging.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>

__stack_chk_fail is called on corrupted stack. Stack backtrace is very
unreliable against corrupted stack. __libc_message is changed to accept
enum __libc_message_action and call BEFORE_ABORT only if action includes
do_backtrace. __fortify_fail_abort is added to avoid backtrace from
__stack_chk_fail.
[BZ #12189]
* debug/Makefile (CFLAGS-tst-ssp-1.c): New.
(tests): Add tst-ssp-1 if -fstack-protector works.
* debug/fortify_fail.c: Include <stdbool.h>.
(_fortify_fail_abort): New function.
(__fortify_fail): Call _fortify_fail_abort.
(__fortify_fail_abort): Add a hidden definition.
* debug/stack_chk_fail.c: Include <stdbool.h>.
(__stack_chk_fail): Call __fortify_fail_abort, instead of
__fortify_fail.
* debug/tst-ssp-1.c: New file.
* include/stdio.h (__libc_message_action): New enum.
(__libc_message): Replace int with enum __libc_message_action.
(__fortify_fail_abort): New hidden prototype.
* malloc/malloc.c (malloc_printerr): Update __libc_message calls.
* sysdeps/posix/libc_fatal.c (__libc_message): Replace int
with enum __libc_message_action. Call BEFORE_ABORT only if
action includes do_backtrace.
(__libc_fatal): Update __libc_message call.

Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
* configure.in: Add --enable-stackguard-randomization option.
(ENABLE_STACKGUARD_RANDOMIZE): New define.
* config.h.in (ENABLE_STACKGUARD_RANDOMIZE): Add.
* sysdeps/unix/sysv/linux/dl-osinfo.h: Include stdint.h.
(_dl_setup_stack_chk_guard): New inline function.
* sysdeps/generic/dl-osinfo.h: Include stdint.h.
(_dl_setup_stack_chk_guard): New inline function.
* elf/rtld.c (__stack_chk_guard): New variable.
(dl_main): Remove all traces of TLS_INIT_TP_EXPENSIVE.
Set __stack_chk_guard to _dl_setup_stack_chk_guard (),
use THREAD_SET_STACK_GUARD if defined.
* elf/Versions (ld): Export __stack_chk_guard@@GLIBC_2.4.
* sysdeps/generic/libc-start.c (__stack_chk_guard): New variable.
(__libc_start_main): Set __stack_chk_guard to
_dl_setup_stack_chk_guard (), use THREAD_SET_STACK_GUARD if defined.
* sysdeps/generic/libc-tls.c (__libc_setup_tls): Remove all
traces of TLS_INIT_TP_EXPENSIVE.
* debug/Versions (libc): Export __stack_chk_fail@@GLIBC_2.4.
* debug/Makefile (routines): Add stack_chk_fail.
(static-only-routines): Add stack_chk_fail_local.
* debug/stack_chk_fail_local.c: New file.
* debug/stack_chk_fail.c: New file.
* elf/Makefile: Add rules to build and run tst-stackguard1{,-static}
tests.
* elf/tst-stackguard1.c: New file.
* elf/tst-stackguard1-static.c: New file.
* elf/stackguard-macros.h: New file.
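As an added illustration (this is not glibc's code, and the function names are hypothetical), the following C program models the two mechanisms the commits above touch: guard setup in the style of _dl_setup_stack_chk_guard (entropy read from /dev/urandom, the fixed terminator-canary fallback, and the lowest byte cleared as glibc does on little-endian hosts), and a canary check whose failure path, like __fortify_fail_abort, does nothing more than write(2) and abort(). It assumes a little-endian Linux host; the protected frame is simulated in a plain byte array so the program does not depend on the compiler's own -fstack-protector.

```c
/* Added example, not glibc code: stack-guard setup and a simulated canary
   check with a minimal failure path.  Assumes a little-endian Linux host. */
#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Derive a guard word from entropy bytes.  The lowest byte is cleared so a
   NUL-terminated string copy cannot run through the canary unchanged
   (the "terminator canary" property).  Little-endian layout assumed. */
uintptr_t make_stack_guard(const unsigned char *entropy, size_t len)
{
    uintptr_t guard = 0;
    memcpy(&guard, entropy, len < sizeof guard ? len : sizeof guard);
    guard &= ~(uintptr_t) 0xff;
    return guard;
}

/* Fallback when no entropy source is available: all-zero bytes with '\n'
   and 0xff in the two highest bytes, the fixed terminator canary. */
uintptr_t fallback_stack_guard(void)
{
    union { uintptr_t num; unsigned char bytes[sizeof (uintptr_t)]; } g;
    g.num = 0;
    g.bytes[sizeof g - 1] = 255;
    g.bytes[sizeof g - 2] = '\n';
    return g.num;
}

/* Process-wide guard, set once at startup like __stack_chk_guard. */
static uintptr_t stack_chk_guard;

uintptr_t init_stack_guard(void)
{
    unsigned char entropy[sizeof (uintptr_t)];
    int fd = open("/dev/urandom", O_RDONLY);
    ssize_t n = fd < 0 ? -1 : read(fd, entropy, sizeof entropy);
    if (fd >= 0)
        close(fd);
    stack_chk_guard = (n == (ssize_t) sizeof entropy)
                      ? make_stack_guard(entropy, sizeof entropy)
                      : fallback_stack_guard();
    return stack_chk_guard;
}

/* Failure path kept deliberately minimal: a raw write(2) and abort(), no
   backtrace and no dynamic loading, since the stack it would walk is the
   one that was just corrupted. */
static void stack_chk_fail_minimal(void)
{
    static const char msg[] = "*** stack smashing detected ***: terminated\n";
    (void) !write(STDERR_FILENO, msg, sizeof msg - 1);
    abort();
}

/* Simulated frame: a 16-byte buffer immediately followed by the canary, as
   the compiler lays it out.  The prologue stores the guard, the buggy body
   does an unbounded strcpy, the epilogue compares.  Returns 1 if the canary
   was clobbered, 0 if the frame is intact.  Inputs must stay shorter than
   the whole array (23 characters) so the demo itself never leaves its object. */
int simulated_frame_smashed(const char *input, int abort_on_failure)
{
    enum { BUFSZ = 16 };
    unsigned char frame[BUFSZ + sizeof (uintptr_t)];
    memcpy(frame + BUFSZ, &stack_chk_guard, sizeof stack_chk_guard); /* prologue */

    strcpy((char *) frame, input); /* the overflow: may run into the canary */

    int smashed = memcmp(frame + BUFSZ, &stack_chk_guard,
                         sizeof stack_chk_guard) != 0;         /* epilogue */
    if (smashed && abort_on_failure)
        stack_chk_fail_minimal();
    return smashed;
}

int main(void)
{
    init_stack_guard();
    /* Constructed inputs: fits, exactly fills, and overflows the buffer. */
    simulated_frame_smashed("short", 1);
    simulated_frame_smashed("0123456789abcdef", 1);
    simulated_frame_smashed("0123456789abcdefXYZ", 1); /* aborts here */
    return 0;
}
```

With a 16-character input only the copy's NUL lands on the canary, and it lands on the byte that is already zero, so the check still passes; one more character changes that byte and the epilogue detects it. That is exactly why the lowest byte is cleared: a strcpy-style overflow cannot reproduce the canary because it cannot copy the embedded zero.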