Date: Tue, 01 Jan 2019 00:00:00 -0000
From: DJ Delorie
To: libc-stable@sourceware.org
Subject: [2.28 COMMITTED] elf: Refuse to dlopen PIE objects [BZ #24323]

From: Florian Weimer

Another executable has already been mapped, so the dynamic linker cannot perform relocations correctly for the second executable.

(cherry picked from commit 2c75b545de6fe3c44138799c68217a94bc669a88)
(test omitted due to indirect dependency on test-in-container)

diff --git a/ChangeLog b/ChangeLog index d932485496..37553b12e7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2019-06-18 Florian Weimer + + [BZ #24323] + * include/elf.h (DT_1_SUPPORTED_MASK): Include DF_1_PIE. + * elf/dl-load.c (_dl_map_object_from_fd): Check for DF_1_PIE and + fail when called from dlopen. + 2019-07-10 DJ Delorie Sergei Trofimovich =20 diff --git a/elf/dl-load.c b/elf/dl-load.c index c51e4b3718..162a78cb0d 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c
@@ -1173,6 +1173,10 @@ _dl_map_object_from_fd (const char *name, const char= *origname, int fd, goto call_lose; } =20 + /* dlopen of an executable is not valid because it is not possible + to perform proper relocations, handle static TLS, or run the + ELF constructors. For PIE, the check needs the dynamic + section, so there is another check below. */ if (__glibc_unlikely (type !=3D ET_DYN) && __glibc_unlikely ((mode & __RTLD_OPENEXEC) =3D=3D 0)) { @@ -1209,9 +1213,11 @@ _dl_map_object_from_fd (const char *name, const char= *origname, int fd, elf_get_dynamic_info (l, NULL); =20 /* Make sure we are not dlopen'ing an object that has the - DF_1_NOOPEN flag set. */ - if (__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN) - && (mode & __RTLD_DLOPEN)) + DF_1_NOOPEN flag set, or a PIE object. */ + if ((__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN) + && (mode & __RTLD_DLOPEN)) + || (__glibc_unlikely (l->l_flags_1 & DF_1_PIE) + && __glibc_unlikely ((mode & __RTLD_OPENEXEC) =3D=3D 0))) { /* We are not supposed to load this object. Free all resources. */ _dl_unmap_segments (l); @@ -1222,7 +1228,11 @@ _dl_map_object_from_fd (const char *name, const char= *origname, int fd, if (l->l_phdr_allocated) free ((void *) l->l_phdr); =20 - errstring =3D N_("shared object cannot be dlopen()ed"); + if (l->l_flags_1 & DF_1_PIE) + errstring + =3D N_("cannot dynamically load position-independent executable"); + else + errstring =3D N_("shared object cannot be dlopen()ed"); goto call_lose; } =20 diff --git a/include/elf.h b/include/elf.h index ab76aafb1e..14ed67ff67 100644 --- a/include/elf.h +++ b/include/elf.h @@ -23,7 +23,7 @@ # endif # define DT_1_SUPPORTED_MASK \ (DF_1_NOW | DF_1_NODELETE | DF_1_INITFIRST | DF_1_NOOPEN \ - | DF_1_ORIGIN | DF_1_NODEFLIB) + | DF_1_ORIGIN | DF_1_NODEFLIB | DF_1_PIE) =20 #endif /* !_ISOMAC */ #endif /* elf.h */
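
Review bot: In the comment added ahead of the ET_DYN type test in _dl_map_object_from_fd (elf/dl-load.c, hunk @@ -1173,6 +1173,10 @@), "there is another check below" does not say which check is meant. Name it, for example "see the DF_1_PIE test after elf_get_dynamic_info", so the two refusals stay linked if the code between them is moved or edited later.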
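
Review bot: The two halves of the rewritten condition in elf/dl-load.c (hunk @@ -1209,9 +1213,11 @@) are gated on different mode bits: the DF_1_NOOPEN test still requires __RTLD_DLOPEN to be set, while the added DF_1_PIE test requires __RTLD_OPENEXEC to be clear. The PIE refusal therefore applies to every caller that does not pass __RTLD_OPENEXEC, which is wider than the ChangeLog wording "fail when called from dlopen". That mirrors the ET_DYN test earlier in the function, but the updated comment ("DF_1_NOOPEN flag set, or a PIE object") should state the difference, or the ChangeLog line should be reworded to match what the code does.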
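
Review bot: The errstring selection in elf/dl-load.c (hunk @@ -1222,7 +1228,11 @@) tests only l->l_flags_1 & DF_1_PIE, not the reason the object was actually refused. An object that carries both DF_1_NOOPEN and DF_1_PIE and is rejected through the DF_1_NOOPEN branch while __RTLD_OPENEXEC is set would be reported as "cannot dynamically load position-independent executable". Repeating the __RTLD_OPENEXEC test in that if, or recording which branch of the condition fired, keeps the message accurate for anyone triaging a failed load from the error text.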
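
Review bot: DT_1_SUPPORTED_MASK in include/elf.h (hunk @@ -23,7 +23,7 @@) now references DF_1_PIE, and nothing in this patch defines that constant, so the backport builds only if the 2.28 branch already provides it. Please confirm that in the commit message next to the "test omitted" remark; with the test dropped, this branch has no regression coverage for the new refusal path, so a short note on how the backport was verified would help.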