Commit Graph

9 Commits

Author SHA1 Message Date
Adhemerval Zanella
9c96c87d60 elf: Ignore GLIBC_TUNABLES for setuid/setgid binaries
The tunable privilege levels were a retrofit to try and keep the malloc
tunable environment variables' behavior unchanged across security
boundaries.  However, CVE-2023-4911 shows how tricky can be
tunable parsing in a security-sensitive environment.

Not only parsing, but the malloc tunable essentially changes some
semantics on setuid/setgid processes.  Although it is not a direct
security issue, allowing users to change setuid/setgid semantics is not
a good security practice, and requires extra code and analysis to check
if each tunable is safe to use on all security boundaries.

It also means that security opt-in features, like aarch64 MTE, would
need to be explicit enabled by an administrator with a wrapper script
or with a possible future system-wide tunable setting.

Co-authored-by: Siddhesh Poyarekar  <siddhesh@sourceware.org>
Reviewed-by: DJ Delorie <dj@redhat.com>
2023-11-21 16:15:42 -03:00
H.J. Lu
6259ab3941 ld.so: Always use MAP_COPY to map the first segment [BZ #30452]
The first segment in a shared library may be read-only, not executable.
To support LD_PREFER_MAP_32BIT_EXEC on such shared libraries, we also
check MAP_DENYWRITE to decide if MAP_32BIT should be passed to mmap.
Normally the first segment is mapped with MAP_COPY, which is defined
as (MAP_PRIVATE | MAP_DENYWRITE).  But if the segment alignment is
greater than the page size, MAP_COPY isn't used to allocate enough
space to ensure that the segment can be properly aligned.  Map the
first segment with MAP_COPY in this case to fix BZ #30452.
2023-06-30 10:42:42 -07:00
Sergey Bugaev
c02b26455b hurd: Implement prefer_map_32bit_exec tunable
This makes the prefer_map_32bit_exec tunable no longer Linux-specific.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230423215526.346009-4-bugaevc@gmail.com>
2023-04-24 22:48:35 +02:00
Joseph Myers
29c4f53e2a Move architecture shlib-versions files to Linux-specific directories.
Various architectures have files such as sysdeps/<arch>/shlib-versions
whose contents are in fact entirely Linux-specific, relating only to
the symbol / shared library versions for the port to Linux on that
architecture, when any future port to a different OS on that
architecture would use the symbol version of the glibc release it goes
in, as standard for new ports.

This patch moves such files under sysdeps/unix/sysv/linux/, merging in
the contents of sysdeps/<arch>/nptl/shlib-versions in the process.
The only bits not moved are those relating to libgcc_s versions, which
don't appear OS-specific in the same way that glibc's symbol versions
so.  It deliberately does not change the regular expressions given for
matching configurations in each file; some match only Linux although
not Linux-specific, or match other OSes although Linux-specific.  It
is with a view to at least the following further cleanups:

* Move architecture-specific content from the toplevel shlib-versions
  and nptl/shlib-versions into sysdeps shlib-versions files, so
  eliminating another difference between ex-ports and non-ex-ports
  architectures.

* Likewise, for OS-specific content in shlib-versions files.

* At that point, the first field in shlib-versions files (the regular
  expression matching a configuration triplet) should be redundant, so
  eliminate that field and leave shlib-versions selection working
  purely on a sysdeps basis (with limited use of %ifdef in
  shlib-versions files when needed) rather than having its own
  separate mechanism to select what configuration information is
  relevant.

* Move the build of gnu/lib-names.h to a similar mechanism to that
  used for gnu/stubs.h (each library build installing a version of the
  header specifically for that build), so we can eliminate the
  duplication of soname information in the makefiles and get it purely
  from shlib-versions files again.

There may be other cleanups possible as well (in particular, I'm not
sure that all cases where the same "Earliest symbol set" information
is repeated for many different libraries actually should need to
repeat it rather than specifying it just once for DEFAULT for the
given configuration, and separately specifying any non-default choices
of soname).

Tested x86_64 that the installed shared libraries are unchanged by
this patch.

	* sysdeps/aarch64/shlib-versions: Move to ...
	* sysdeps/unix/sysv/linux/aarch64/shlib-versions: ... here.
	* sysdeps/alpha/shlib-versions: Move to ...
	* sysdeps/unix/sysv/linux/alpha/shlib-versions: ... here.
	* sysdeps/arm/shlib-versions: Move to ...
	* sysdeps/unix/sysv/linux/arm/shlib-versions: ... here.
	* sysdeps/hppa/shlib-versions: Move all contents except for
	libgcc_s entry to ...
	* sysdeps/unix/sysv/linux/hppa/shlib-versions: ... here.  Merge in
	entry from ...
	* sysdeps/hppa/nptl/shlib-versions: ... here.  Remove file.
	* sysdeps/ia64/shlib-versions: Move to ...
	* sysdeps/unix/sysv/linux/ia64/shlib-versions: ... here.  Merge in
	entry from ...
	* sysdeps/ia64/nptl/shlib-versions: ... here.  Remove file.
	* sysdeps/m68k/coldfire/shlib-versions: Move to ...
	* sysdeps/unix/sysv/linux/m68k/coldfire/shlib-versions: ... here.
	* sysdeps/microblaze/shlib-versions: Move to ...
	* sysdeps/unix/sysv/linux/microblaze/shlib-versions: ... here.
	* sysdeps/mips/shlib-versions: Move to ...
	* sysdeps/unix/sysv/linux/mips/shlib-versions: ... here.  Merge in
	entry from ...
	* sysdeps/mips/nptl/shlib-versions: ... here.  Remove file.
	* sysdeps/tile/shlib-versions: Move to ...
	* sysdeps/unix/sysv/linux/tile/shlib-versions: ... here.
	* sysdeps/unix/sysv/linux/x86_64/64/shlib-versions: Merge in entry
	from ...
	* sysdeps/x86_64/64/shlib-versions: ... here.  Remove file.
	* sysdeps/unix/sysv/linux/x86_64/x32/shlib-versions: Merge in
	entry from ...
	* sysdeps/x86_64/x32/shlib-versions: ... here.  Remove file.
2014-07-17 14:31:12 +00:00
Roland McGrath
0d749bbeba x86: Consolidate unnecessary nptl/ subdirectories. 2014-06-24 19:17:43 -07:00
Roland McGrath
14642b8511 Move x86_64 code out of nptl/ subdirectory. 2014-06-11 21:33:32 -07:00
H.J. Lu
0ab0291b84 Convert WORDSIZE[32|64]/ld entries to abi-variants 2012-05-30 08:33:26 -07:00
H.J. Lu
9317101683 Add x86_64 Implies-after files 2012-05-15 14:38:32 -07:00
H.J. Lu
0b254d8f3d Add sysdeps/x86_64/{64,x32}/shlib-versions 2012-05-14 16:23:57 -07:00