* [PATCH] Avoid check-testrel failing on all sparc*, alpha or ppc32 -mbss-plt shared libraries
@ 2006-03-02 14:54 Jakub Jelinek
2006-03-02 16:00 ` Ulrich Drepper
0 siblings, 1 reply; 4+ messages in thread
From: Jakub Jelinek @ 2006-03-02 14:54 UTC (permalink / raw)
To: Ulrich Drepper, Roland McGrath; +Cc: Glibc hackers
Hi!
SPARC, Alpha and PowerPC32 without -msecure-plt have writable and executable
.plt section mandated by the ABI. This patch keeps the warnings in
elf/check-testrel.out, but doesn't fail the test because of this.
2006-03-02 Jakub Jelinek <jakub@redhat.com>
* elf/check-textrel.c: Include config.h.
(AB(handle_file)): Don't fail if PF_X | PF_W on architectures known
to have executable writable PLT.
* sysdeps/powerpc/powerpc32/configure.in (HAVE_PPC_SECURE_PLT): New
test.
* sysdeps/powerpc/powerpc32/configure: Rebuilt.
* config.h.in (HAVE_PPC_SECURE_PLT): Add.
--- libc/elf/check-textrel.c.jj 2006-01-14 17:41:01.000000000 +0100
+++ libc/elf/check-textrel.c 2006-03-02 10:43:00.000000000 +0100
@@ -18,6 +18,7 @@
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
+#include "config.h"
#include <byteswap.h>
#include <elf.h>
#include <endian.h>
@@ -88,7 +89,15 @@ AB(handle_file) (const char *fname, int
{
printf ("%s: segment %zu is executable and writable\n",
fname, cnt);
+#if !defined __sparc__ \
+ && !defined __alpha__ \
+ && (!defined __powerpc__ || defined __powerpc64__ || defined HAVE_PPC_SECURE_PLT)
+ /* sparc, sparc64, alpha and powerpc32 (the last one only when using
+ -mbss-plt) are expected to have PF_X | PF_W segment containing .plt
+ section, it is part of their ABI. It is bad security wise, nevertheless
+ this test shouldn't fail because of this. */
return 1;
+#endif
}
if (dynphdr == NULL)
--- libc/sysdeps/powerpc/powerpc32/configure.in.jj 2005-06-18 00:58:48.000000000 +0200
+++ libc/sysdeps/powerpc/powerpc32/configure.in 2006-03-02 10:37:54.000000000 +0100
@@ -16,3 +16,17 @@ rm -f conftest*])
if test $libc_cv_ppc_rel16 = yes; then
AC_DEFINE(HAVE_ASM_PPC_REL16)
fi
+
+# See whether GCC uses -msecure-plt.
+AC_CACHE_CHECK(for -msecure-plt by default, libc_cv_ppc_secure_plt, [dnl
+echo 'int foo (void) { extern int bar; return bar; }' > conftest.c
+libc_cv_ppc_secure_plt=no
+if AC_TRY_COMMAND(${CC-cc} -S $CFLAGS conftest.c -fpic -o conftest.s 1>&AS_MESSAGE_LOG_FD); then
+ if grep '_GLOBAL_OFFSET_TABLE_-.*@ha' conftest.s > /dev/null 2>&1; then
+ libc_cv_ppc_secure_plt=yes
+ fi
+fi
+rm -rf conftest*])
+if test $libc_cv_ppc_secure_plt = yes; then
+ AC_DEFINE(HAVE_PPC_SECURE_PLT)
+fi
--- libc/sysdeps/powerpc/powerpc32/configure.jj 2005-06-18 00:58:48.000000000 +0200
+++ libc/sysdeps/powerpc/powerpc32/configure 2006-03-02 10:37:54.000000000 +0100
@@ -31,3 +31,32 @@ if test $libc_cv_ppc_rel16 = yes; then
_ACEOF
fi
+
+# See whether GCC uses -msecure-plt.
+echo "$as_me:$LINENO: checking for -msecure-plt by default" >&5
+echo $ECHO_N "checking for -msecure-plt by default... $ECHO_C" >&6
+if test "${libc_cv_ppc_secure_plt+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ echo 'int foo (void) { extern int bar; return bar; }' > conftest.c
+libc_cv_ppc_secure_plt=no
+if { ac_try='${CC-cc} -S $CFLAGS conftest.c -fpic -o conftest.s 1>&5'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ if grep '_GLOBAL_OFFSET_TABLE_-.*@ha' conftest.s > /dev/null 2>&1; then
+ libc_cv_ppc_secure_plt=yes
+ fi
+fi
+rm -rf conftest*
+fi
+echo "$as_me:$LINENO: result: $libc_cv_ppc_secure_plt" >&5
+echo "${ECHO_T}$libc_cv_ppc_secure_plt" >&6
+if test $libc_cv_ppc_secure_plt = yes; then
+ cat >>confdefs.h <<\_ACEOF
+#define HAVE_PPC_SECURE_PLT 1
+_ACEOF
+
+fi
--- libc/config.h.in.jj 2006-02-27 18:30:50.000000000 +0100
+++ libc/config.h.in 2006-03-02 10:37:54.000000000 +0100
@@ -200,6 +200,9 @@
/* Define if your assembler and linker support R_PPC_REL16* relocs. */
#undef HAVE_ASM_PPC_REL16
+/* Define if your compiler defaults to -msecure-plt mode on ppc. */
+#undef HAVE_PPC_SECURE_PLT
+
/* Define if __stack_chk_guard canary should be randomized at program startup. */
#undef ENABLE_STACKGUARD_RANDOMIZE
Jakub
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Avoid check-testrel failing on all sparc*, alpha or ppc32 -mbss-plt shared libraries
2006-03-02 14:54 [PATCH] Avoid check-testrel failing on all sparc*, alpha or ppc32 -mbss-plt shared libraries Jakub Jelinek
@ 2006-03-02 16:00 ` Ulrich Drepper
2006-03-02 18:30 ` H. J. Lu
0 siblings, 1 reply; 4+ messages in thread
From: Ulrich Drepper @ 2006-03-02 16:00 UTC (permalink / raw)
To: Jakub Jelinek; +Cc: Roland McGrath, Glibc hackers
[-- Attachment #1: Type: text/plain, Size: 255 bytes --]
I've applied the patch but this really cannot be a long-term solution.
Either the arch goes away or it gets an ABI which isn't an open
invitation for attackers.
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 251 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Avoid check-testrel failing on all sparc*, alpha or ppc32 -mbss-plt shared libraries
2006-03-02 16:00 ` Ulrich Drepper
@ 2006-03-02 18:30 ` H. J. Lu
2006-03-02 18:42 ` Ulrich Drepper
0 siblings, 1 reply; 4+ messages in thread
From: H. J. Lu @ 2006-03-02 18:30 UTC (permalink / raw)
To: Ulrich Drepper; +Cc: Jakub Jelinek, Roland McGrath, Glibc hackers
On Thu, Mar 02, 2006 at 08:00:47AM -0800, Ulrich Drepper wrote:
> I've applied the patch but this really cannot be a long-term solution.
> Either the arch goes away or it gets an ABI which isn't an open
> invitation for attackers.
>
It is broken since elf/check-textrel.c is compiled with
cd /export/build/gnu/glibc-nptl-4.1-redhat/build-x86_64-linux/elf && gcc -pipe -O -Wall -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -include ../config.h /export/gnu/src/glibc/libc/elf/check-textrel.c -o check-textrel
/export/gnu/src/glibc/libc/elf/check-textrel.c:21:20: error: config.h:
No such file or directory
There is no need to include "config.h" since there is "-include
../config.h" already. This patch fixes it.
H.J.
----
2006-03-02 H.J. Lu <hongjiu.lu@intel.com>
* elf/check-textrel.c: Don't include "config.h".
--- elf/check-textrel.c.foo 2006-03-02 09:17:08.000000000 -0800
+++ elf/check-textrel.c 2006-03-02 10:14:10.000000000 -0800
@@ -18,7 +18,6 @@
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
-#include "config.h"
#include <byteswap.h>
#include <elf.h>
#include <endian.h>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Avoid check-testrel failing on all sparc*, alpha or ppc32 -mbss-plt shared libraries
2006-03-02 18:30 ` H. J. Lu
@ 2006-03-02 18:42 ` Ulrich Drepper
0 siblings, 0 replies; 4+ messages in thread
From: Ulrich Drepper @ 2006-03-02 18:42 UTC (permalink / raw)
To: H. J. Lu; +Cc: Glibc hackers
[-- Attachment #1: Type: text/plain, Size: 96 bytes --]
OK.
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 251 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2006-03-02 18:42 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-03-02 14:54 [PATCH] Avoid check-testrel failing on all sparc*, alpha or ppc32 -mbss-plt shared libraries Jakub Jelinek
2006-03-02 16:00 ` Ulrich Drepper
2006-03-02 18:30 ` H. J. Lu
2006-03-02 18:42 ` Ulrich Drepper
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).