From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1791) id 328A6381108E; Tue, 4 Jun 2024 22:58:04 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 328A6381108E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1717541884; bh=J2gCNFBBXYlsXbTZB5vrDXwb529K2Z1nTC3rPwJJfD4=; h=From:To:Subject:Date:From; b=yr88qxz3OnQmnHUZBuHjd/e1Zr3XyrL+ub+SK+qLuKnmJexXs7GkTlwB3HlOG9cEB 4Xz1U3sMues1egnIxtdo/1oubJ7kb49ZZH9aSKuiW8vPDqQ6b/U8hnlc0RpfR489cb X5uisECJvwPqia5W5g4IXzINQoW8UDu5LIeSJeoY= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Adhemerval Zanella To: glibc-cvs@sourceware.org Subject: [glibc/azanella/mseal] elf: Add support to memory sealing for audit modules X-Act-Checkin: glibc X-Git-Author: Adhemerval Zanella X-Git-Refname: refs/heads/azanella/mseal X-Git-Oldrev: 1dfe4b60eefbf3d72b1d3951be422d4345b293ab X-Git-Newrev: 0f31bbfcd4e9f2cb1933439a1b154c427a3206fb Message-Id: <20240604225804.328A6381108E@sourceware.org> Date: Tue, 4 Jun 2024 22:58:04 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f31bbfcd4e9f2cb1933439a1b154c427a3206fb commit 0f31bbfcd4e9f2cb1933439a1b154c427a3206fb Author: Adhemerval Zanella Date: Tue Jun 4 14:38:42 2024 -0300 elf: Add support to memory sealing for audit modules It is done after the the loading process (instead at loading time with RTLD_NODELETE), because the module might be unloaded due nexistent or wrong la_version. It also means that the la_version and l_objopen/la_activety might be called without the object memory sealed. Checked on x86_64-linux-gnu. Diff: --- elf/rtld.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/elf/rtld.c b/elf/rtld.c index 174389e205..de00182d46 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1051,6 +1051,8 @@ static void load_audit_modules (struct link_map *main_map, struct audit_list *audit_list) { struct audit_ifaces *last_audit = NULL; + struct link_map *l; + Lmid_t nsid; while (true) { @@ -1060,6 +1062,16 @@ load_audit_modules (struct link_map *main_map, struct audit_list *audit_list) load_audit_module (name, &last_audit); } + /* Seal the audit modules and their dependencies. It is done after the + the loading process (instead at loading time with RTLD_NODELETE), because + the module might be unloaded (due inexistent or wrong la_version). */ + for (nsid = LM_ID_BASE + 1; nsid < GL(dl_nns); nsid++) + for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next) + { + l->l_seal = 1; + _dl_mseal_map (l); + } + /* Notify audit modules of the initially loaded modules (the main program and the dynamic linker itself). */ if (GLRO(dl_naudit) > 0)