The glibc 2.33 release enabled /etc/nsswitch.conf reloading,
and to prevent potential security issues like CVE-2019-14271
the re-loading of nsswitch.conf and all mdoules was disabled
when the root filesystem changes (see bug 27077).
Unfortunately php-lpfm and openldap both require the ability
to continue to load NSS modules after chroot. The packages
do not exec after the chroot, and so do not cause the
protections to be reset. The only solution is to re-enable
only NSS module loading (not nsswitch.conf reloading) and so
get back the previous glibc behaviour.
In the future we may introduce a way to harden applications
so they do not reload NSS modules once the root filesystem
changes, or that only files/dns are available pre-loaded
(or builtin).
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
In commit 745664bd79 a use-after-free
was fixed, but this led to an occasional double-free. This patch
tracks the "live" allocation better.
Tested manually by a third party.
Related: RHBZ 1927877
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
There were following problems discovered for tst-timerfd test:
1. Do not set the struct itimerspec's it_interval tv_sec to 2 seconds.
After this change the timerfd will trigger only once (the it_value is
only set in this case).
2. The 'val1' variable (including the call to timerfd_gettime) is not
needed anymore, as it is just enough to read the struct itimerspec
after sleep. As a consequence the 'val2' has been renamed to 'val'.
3. After calling timerfd_gettime, the value of struct itimerspec time,
when timer is running, is the remaining time. In the case of this test
it would be less than 1 second.
As a result the TEST_COMPARE macro logic had to be adjusted.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
This patch provides test for utimes. It uses wrapper to read
access and modification times to compare them with ones written by
utimes.
Moreover, access and modification times beyond the Y2038 threshold
date (i.e. 32 bit time_t overflow) are also checked.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
This patch provides test for utime. It uses wrapper to read access
and modification times to compare them with ones written by utime.
Moreover, access and modification times beyond the Y2038 threshold
date (i.e. 32 bit time_t overflow) are also checked.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
This patch provides test for futimens. It uses wrapper, which
reads access and modification time to compare them with ones
written by futimens.
Moreover, access and modification times beyond the Y2038 threshold
date (i.e. 32 bit time_t overflow) are also checked.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Do not define these macros if they do nothing in a particular
compilation, otherwise they can easily be used accidentally, while
not actually achieving anything.
Temporarily move the arm _Unwind_Resume implementation to the file
used by libpthread. It will be ported to <unwind-link.h> along with
the rest of nptl.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
This will be used to consolidate the libgcc_s access for backtrace
and pthread_cancel.
Unlike the existing backtrace implementations, it provides some
hardening based on pointer mangling.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
An experimental build of GCC 11 with an enhanced -Warray-bounds
reports a bug in IO_wdefault_doallocate where the function forms
an invalid past-the-end pointer to an allocated wchar_t buffer
by failingf to consider the scaling by sizeof (wchar_t).
The fix path below corrects this problem. It keeps the buffer
size the same as opposed to increasing it according to what other
code like it does.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
It turns out the startup code in csu/elf-init.c has a perfect pair of
ROP gadgets (see Marco-Gisbert and Ripoll-Ripoll, "return-to-csu: A
New Method to Bypass 64-bit Linux ASLR"). These functions are not
needed in dynamically-linked binaries because DT_INIT/DT_INIT_ARRAY
are already processed by the dynamic linker. However, the dynamic
linker skipped the main program for some reason. For maximum
backwards compatibility, this is not changed, and instead, the main
map is consulted from __libc_start_main if the init function argument
is a NULL pointer.
For statically linked binaries, the old approach based on linker
symbols is still used because there is nothing else available.
A new symbol version __libc_start_main@@GLIBC_2.34 is introduced because
new binaries running on an old libc would not run their ELF
constructors, leading to difficult-to-debug issues.
Gnulib has added the proposed fix with aed23714d60 (done in 2005), but
recently with a glibc merge with 67306f6 (done in 2020 with sync back)
it has fallback to old semantic to return -1 on in case of failure.
From gnulib developer feedback it was an oversight. Although the full
fix for BZ #14185 would require to rewrite fnmatch implementation to use
mbrtowc instead of mbsrtowcs on the full input, this mitigate the issue
and it has been used by gnulib for a long time.
This patch also removes the alloca usage on the string convertion to
wide characters before calling the internal function.
Checked on x86_64-linux-gnu.
The elision interfaces are closely aligned between the targets that
implement them, so declare them in the generic <lowlevellock.h>
file.
Empty .c stubs are provided, so that fewer makefile updates
under sysdeps are needed. Also simplify initialization via
__libc_early_init.
The symbols __lll_clocklock_elision, __lll_lock_elision,
__lll_trylock_elision, __lll_unlock_elision, __pthread_force_elision
move into libc. For the time being, non-hidden references are used
from libpthread to access them, but once that part of libpthread
is moved into libc, hidden symbols will be used again. (Hidden
references seem desirable to reduce the likelihood of transactions
aborts.)
This moves __futex_abstimed_wait64 and
__futex_abstimed_wait_cancelable64 and exports these functions as
GLIBC_PRIVATE.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
And sort the lines lexicographically. This will make it easier to review
patches which move symbols from libpthread to libc.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
This was likely a mistake in the original aarch64 port copied over
from arm: on aarch64 tpidr_el0 register is always available.
The __read_tp symbol is visible with static linking, but it's not
part of the public ABI so it should be safe to remove.
The -O option avoids interleaving (e.g.) compiler error messages
with other build messages, and makes attribution of messages to
commands easier.
According to my tests, the impact on build time is within the noise.
This patch replaces obsolete AC_TRY_LINK with AC_LINK_IFELSE.
It has been confirmed that GNU 'autoconf' 2.69 doesn't change the
'configure' file and suppressed obsolete warning.
This patch removes obsolete AC_CHECK_TOOL_PREFIX.
It has been confirmed that AC_CHECK_TOOL_PREFIX is defined as NOP in
GNU 'autoconf' 2.69 [1], so we can safely remove it.
The 'configure' file has been deleted one blank line by the 'autoconf'
2.69 command .
[1] autoconf-2.69/share/autoconf/autoconf/programs.m4
181 # AC_CHECK_TOOL_PREFIX
182 # --------------------
183 AU_DEFUN([AC_CHECK_TOOL_PREFIX])
This patch replaces obsoleted AC_HELP_STRING with AS_HELP_STRING.
As of Glibc 2.33, INSTALL says "GNU 'autoconf' 2.69 (exactly)" is
required. So we can safely replace obsoleted macro without worrying
about older autoconf.
This change doesn't affect the contents of "configure" file.
Linux 5.11 has one new syscall, epoll_pwait2. Update
syscall-names.list and regenerate the arch-syscall.h headers with
build-many-glibcs.py update-syscalls.
Tested with build-many-glibcs.py.