[Bug libc/23323] [RFE] CSU startup hardening.

[Bug libc/23323] [RFE] CSU startup hardening.

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=23323

--- Comment #7 from Florian Weimer <fweimer at redhat dot com> ---
New patch posted:
https://sourceware.org/pipermail/libc-alpha/2021-February/122794.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/23323] [RFE] CSU startup hardening.

[lvying.system.thoughts at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=23323

lvying <lvying.system.thoughts at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lvying.system.thoughts@gmai
                   |                            |l.com

--- Comment #8 from lvying <lvying.system.thoughts at gmail dot com> ---
Hi Florian, Will this patch be synchronized to other glibc versions(glibc 2.28
etc)?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/23323] [RFE] CSU startup hardening.

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=23323

--- Comment #9 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to lvying from comment #8)
> Hi Florian, Will this patch be synchronized to other glibc versions(glibc
> 2.28 etc)?

Unfortunately, a change like this is impossible to backport, due to its ABI
implications.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/23323] [RFE] CSU startup hardening.

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=23323

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
   Target Milestone|---                         |2.34
         Resolution|---                         |FIXED

--- Comment #10 from Florian Weimer <fweimer at redhat dot com> ---
Fixed for glibc 2.34 via:

commit 035c012e32c11e84d64905efaf55e74f704d3668
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Feb 25 12:10:57 2021 +0100

    Reduce the statically linked startup code [BZ #23323]

    It turns out the startup code in csu/elf-init.c has a perfect pair of
    ROP gadgets (see Marco-Gisbert and Ripoll-Ripoll, "return-to-csu: A
    New Method to Bypass 64-bit Linux ASLR").  These functions are not
    needed in dynamically-linked binaries because DT_INIT/DT_INIT_ARRAY
    are already processed by the dynamic linker.  However, the dynamic
    linker skipped the main program for some reason.  For maximum
    backwards compatibility, this is not changed, and instead, the main
    map is consulted from __libc_start_main if the init function argument
    is a NULL pointer.

    For statically linked binaries, the old approach based on linker
    symbols is still used because there is nothing else available.

    A new symbol version __libc_start_main@@GLIBC_2.34 is introduced because
    new binaries running on an old libc would not run their ELF
    constructors, leading to difficult-to-debug issues.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/23323] [RFE] CSU startup code hardening.

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=23323

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[RFE] CSU startup           |[RFE] CSU startup code
                   |hardening.                  |hardening.

-- 
You are receiving this mail because:
You are on the CC list for the bug.