|
 |
67d1373 |
commit a014cecd82b71b70a6a843e250e06b541ad524f7
|
|
|
67d1373 |
Author: Florian Weimer <fweimer@redhat.com>
|
|
|
67d1373 |
Date: Thu Oct 15 09:23:07 2015 +0200
|
|
|
67d1373 |
|
|
|
67d1373 |
Always enable pointer guard [BZ #18928]
|
|
|
67d1373 |
|
|
|
67d1373 |
Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode
|
|
|
67d1373 |
has security implications. This commit enables pointer guard
|
|
|
67d1373 |
unconditionally, and the environment variable is now ignored.
|
|
|
67d1373 |
|
|
|
67d1373 |
Index: b/elf/rtld.c
|
|
|
67d1373 |
===================================================================
|
|
|
67d1373 |
--- a/elf/rtld.c
|
|
|
67d1373 |
+++ b/elf/rtld.c
|
|
|
67d1373 |
@@ -160,7 +160,6 @@ struct rtld_global_ro _rtld_global_ro at
|
|
|
67d1373 |
._dl_hwcap_mask = HWCAP_IMPORTANT,
|
|
|
67d1373 |
._dl_lazy = 1,
|
|
|
67d1373 |
._dl_fpu_control = _FPU_DEFAULT,
|
|
|
67d1373 |
- ._dl_pointer_guard = 1,
|
|
|
67d1373 |
._dl_pagesize = EXEC_PAGESIZE,
|
|
|
67d1373 |
._dl_inhibit_cache = 0,
|
|
|
67d1373 |
|
|
|
67d1373 |
@@ -707,15 +706,12 @@ security_init (void)
|
|
|
67d1373 |
#endif
|
|
|
67d1373 |
|
|
|
67d1373 |
/* Set up the pointer guard as well, if necessary. */
|
|
|
67d1373 |
- if (GLRO(dl_pointer_guard))
|
|
|
67d1373 |
- {
|
|
|
67d1373 |
- uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
|
|
|
67d1373 |
- stack_chk_guard);
|
|
|
67d1373 |
+ uintptr_t pointer_chk_guard
|
|
|
67d1373 |
+ = _dl_setup_pointer_guard (_dl_random, stack_chk_guard);
|
|
|
67d1373 |
#ifdef THREAD_SET_POINTER_GUARD
|
|
|
67d1373 |
- THREAD_SET_POINTER_GUARD (pointer_chk_guard);
|
|
|
67d1373 |
+ THREAD_SET_POINTER_GUARD (pointer_chk_guard);
|
|
|
67d1373 |
#endif
|
|
|
67d1373 |
- __pointer_chk_guard_local = pointer_chk_guard;
|
|
|
67d1373 |
- }
|
|
|
67d1373 |
+ __pointer_chk_guard_local = pointer_chk_guard;
|
|
|
67d1373 |
|
|
|
67d1373 |
/* We do not need the _dl_random value anymore. The less
|
|
|
67d1373 |
information we leave behind, the better, so clear the
|
|
|
67d1373 |
@@ -2467,9 +2463,6 @@ process_envvars (enum mode *modep)
|
|
|
67d1373 |
GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;
|
|
|
67d1373 |
break;
|
|
|
67d1373 |
}
|
|
|
67d1373 |
-
|
|
|
67d1373 |
- if (memcmp (envline, "POINTER_GUARD", 13) == 0)
|
|
|
67d1373 |
- GLRO(dl_pointer_guard) = envline[14] != '0';
|
|
|
67d1373 |
break;
|
|
|
67d1373 |
|
|
|
67d1373 |
case 14:
|
|
|
67d1373 |
Index: b/sysdeps/generic/ldsodefs.h
|
|
|
67d1373 |
===================================================================
|
|
|
67d1373 |
--- a/sysdeps/generic/ldsodefs.h
|
|
|
67d1373 |
+++ b/sysdeps/generic/ldsodefs.h
|
|
|
67d1373 |
@@ -592,9 +592,6 @@ struct rtld_global_ro
|
|
|
67d1373 |
/* List of auditing interfaces. */
|
|
|
67d1373 |
struct audit_ifaces *_dl_audit;
|
|
|
67d1373 |
unsigned int _dl_naudit;
|
|
|
67d1373 |
-
|
|
|
67d1373 |
- /* 0 if internal pointer values should not be guarded, 1 if they should. */
|
|
|
67d1373 |
- EXTERN int _dl_pointer_guard;
|
|
|
67d1373 |
};
|
|
|
67d1373 |
# define __rtld_global_attribute__
|
|
|
67d1373 |
# if IS_IN (rtld)
|