From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 38403 invoked by alias); 4 Nov 2019 20:01:02 -0000 Mailing-List: contact glibc-cvs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: , Sender: glibc-cvs-owner@sourceware.org List-Subscribe: Received: (qmail 38358 invoked by uid 97); 4 Nov 2019 20:01:02 -0000 Date: Mon, 04 Nov 2019 20:01:00 -0000 Message-ID: <20191104200102.38356.qmail@sourceware.org> Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: DJ Delorie To: glibc-cvs@sourceware.org Subject: [glibc/release/2.28/master] elf: Refuse to dlopen PIE objects [BZ #24323] X-Act-Checkin: glibc X-Git-Author: Florian Weimer X-Git-Refname: refs/heads/release/2.28/master X-Git-Oldrev: cef4c840a80372fe084effec0da1177d44b40bc0 X-Git-Newrev: 59991bf48a821a9b8d504b325e84d2099fa1a14e X-SW-Source: 2019-q4/txt/msg00271.txt.bz2 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=59991bf48a821a9b8d504b325e84d2099fa1a14e commit 59991bf48a821a9b8d504b325e84d2099fa1a14e Author: Florian Weimer Date: Fri Nov 1 15:41:30 2019 -0400 elf: Refuse to dlopen PIE objects [BZ #24323] Another executable has already been mapped, so the dynamic linker cannot perform relocations correctly for the second executable. (cherry picked from commit 2c75b545de6fe3c44138799c68217a94bc669a88) (test omitted due to indirect dependency on test-in-container) Diff: --- ChangeLog | 7 +++++++ elf/dl-load.c | 18 ++++++++++++++---- include/elf.h | 2 +- 3 files changed, 22 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index d932485..37553b1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2019-06-18 Florian Weimer + + [BZ #24323] + * include/elf.h (DT_1_SUPPORTED_MASK): Include DF_1_PIE. + * elf/dl-load.c (_dl_map_object_from_fd): Check for DF_1_PIE and + fail when called from dlopen. + 2019-07-10 DJ Delorie Sergei Trofimovich 
diff --git a/elf/dl-load.c b/elf/dl-load.c index c51e4b3..162a78c 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1173,6 +1173,10 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, goto call_lose; } + /* dlopen of an executable is not valid because it is not possible + to perform proper relocations, handle static TLS, or run the + ELF constructors. For PIE, the check needs the dynamic + section, so there is another check below. */ if (__glibc_unlikely (type != ET_DYN) && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0)) { @@ -1209,9 +1213,11 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, elf_get_dynamic_info (l, NULL); /* Make sure we are not dlopen'ing an object that has the - DF_1_NOOPEN flag set. */ - if (__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN) - && (mode & __RTLD_DLOPEN)) + DF_1_NOOPEN flag set, or a PIE object. */ + if ((__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN) + && (mode & __RTLD_DLOPEN)) + || (__glibc_unlikely (l->l_flags_1 & DF_1_PIE) + && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0))) { /* We are not supposed to load this object. Free all resources. */ _dl_unmap_segments (l); @@ -1222,7 +1228,11 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, if (l->l_phdr_allocated) free ((void *) l->l_phdr); - errstring = N_("shared object cannot be dlopen()ed"); + if (l->l_flags_1 & DF_1_PIE) + errstring + = N_("cannot dynamically load position-independent executable"); + else + errstring = N_("shared object cannot be dlopen()ed"); goto call_lose; } diff --git a/include/elf.h b/include/elf.h index ab76aaf..14ed67f 100644 --- a/include/elf.h +++ b/include/elf.h @@ -23,7 +23,7 @@ # endif # define DT_1_SUPPORTED_MASK \ (DF_1_NOW | DF_1_NODELETE | DF_1_INITFIRST | DF_1_NOOPEN \ - | DF_1_ORIGIN | DF_1_NODEFLIB) + | DF_1_ORIGIN | DF_1_NODEFLIB | DF_1_PIE) #endif /* !_ISOMAC */ #endif /* elf.h */
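Review bot: In the elf/dl-load.c hunk at @@ -1209,9 +1213,11 @@, the new DF_1_PIE arm is gated on `(mode & __RTLD_OPENEXEC) == 0`, while the DF_1_NOOPEN arm beside it is gated on `mode & __RTLD_DLOPEN`, so a PIE object is refused on every load path that lacks __RTLD_OPENEXEC, not only on dlopen. The ChangeLog entry says "fail when called from dlopen" and the updated comment only says "or a PIE object". If the wider rejection is intended (it mirrors the `type != ET_DYN` check in the previous hunk), state that in the comment and the ChangeLog; if not, the PIE arm needs the same `mode & __RTLD_DLOPEN` condition as the DF_1_NOOPEN arm.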
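Review bot: In the elf/dl-load.c hunk at @@ -1222,7 +1228,11 @@, the error string is selected by testing `l->l_flags_1 & DF_1_PIE` alone, not by which arm of the preceding condition caused the rejection. An object that carries both DF_1_NOOPEN and DF_1_PIE and is refused through the DF_1_NOOPEN arm while __RTLD_OPENEXEC is set in mode would be reported as "cannot dynamically load position-independent executable". Repeating the `(mode & __RTLD_OPENEXEC) == 0` test here, or recording the reason when the condition is evaluated, keeps the message tied to the actual cause.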
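Review bot: In the include/elf.h hunk, DF_1_PIE is added to DT_1_SUPPORTED_MASK with no comment, although the only handling this patch gives the flag is to refuse the load in _dl_map_object_from_fd. A one-line comment at the mask saying what "supported" means for a flag that is only ever rejected would prevent misreading. The commit message also states that the test was omitted from this backport, so nothing on this branch exercises the new rejection path; a test without the test-in-container dependency would cover it.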