|
|
dfa500 |
commit 0499a353a6e196f468e7ec554cb13c82011f0e36
|
|
|
dfa500 |
Author: Florian Weimer <fweimer@redhat.com>
|
|
|
dfa500 |
Date: Mon Mar 2 14:24:27 2020 +0100
|
|
|
dfa500 |
|
|
|
dfa500 |
elf: Add elf/check-wx-segment, a test for the presence of WX segments
|
|
|
dfa500 |
|
|
|
dfa500 |
Writable, executable segments defeat security hardening. The
|
|
|
dfa500 |
existing check for DT_TEXTREL does not catch this.
|
|
|
dfa500 |
|
|
|
dfa500 |
hppa and SPARC currently keep the PLT in an RWX load segment.
|
|
|
dfa500 |
|
|
|
dfa500 |
# Conflicts:
|
|
|
dfa500 |
# sysdeps/sparc/Makefile
|
|
|
dfa500 |
|
|
|
dfa500 |
diff --git a/elf/Makefile b/elf/Makefile
|
|
|
dfa500 |
index f1a16fe8ca594c57..a52d9b1f6a4364a7 100644
|
|
|
dfa500 |
--- a/elf/Makefile
|
|
|
dfa500 |
+++ b/elf/Makefile
|
|
|
dfa500 |
@@ -378,6 +378,7 @@ tests-special += $(objpfx)tst-pathopt.out $(objpfx)tst-rtld-load-self.out \
|
|
|
dfa500 |
$(objpfx)tst-rtld-preload.out
|
|
|
dfa500 |
endif
|
|
|
dfa500 |
tests-special += $(objpfx)check-textrel.out $(objpfx)check-execstack.out \
|
|
|
dfa500 |
+ $(objpfx)check-wx-segment.out \
|
|
|
dfa500 |
$(objpfx)check-localplt.out $(objpfx)check-initfini.out
|
|
|
dfa500 |
endif
|
|
|
dfa500 |
|
|
|
dfa500 |
@@ -1148,6 +1149,12 @@ $(objpfx)check-execstack.out: $(..)scripts/check-execstack.awk \
|
|
|
dfa500 |
$(evaluate-test)
|
|
|
dfa500 |
generated += check-execstack.out
|
|
|
dfa500 |
|
|
|
dfa500 |
+$(objpfx)check-wx-segment.out: $(..)scripts/check-wx-segment.py \
|
|
|
dfa500 |
+ $(all-built-dso:=.phdr)
|
|
|
dfa500 |
+ $(PYTHON) $^ --xfail="$(check-wx-segment-xfail)" > $@; \
|
|
|
dfa500 |
+ $(evaluate-test)
|
|
|
dfa500 |
+generated += check-wx-segment.out
|
|
|
dfa500 |
+
|
|
|
dfa500 |
$(objpfx)tst-dlmodcount: $(libdl)
|
|
|
dfa500 |
$(objpfx)tst-dlmodcount.out: $(test-modules)
|
|
|
dfa500 |
|
|
|
dfa500 |
diff --git a/scripts/check-wx-segment.py b/scripts/check-wx-segment.py
|
|
|
dfa500 |
new file mode 100644
|
|
|
dfa500 |
index 0000000000000000..e1fa79387ce22c4b
|
|
|
dfa500 |
--- /dev/null
|
|
|
dfa500 |
+++ b/scripts/check-wx-segment.py
|
|
|
dfa500 |
@@ -0,0 +1,85 @@
|
|
|
dfa500 |
+#!/usr/bin/python3
|
|
|
dfa500 |
+# Check ELF program headers for WX segments.
|
|
|
dfa500 |
+# Copyright (C) 2020 Free Software Foundation, Inc.
|
|
|
dfa500 |
+# This file is part of the GNU C Library.
|
|
|
dfa500 |
+#
|
|
|
dfa500 |
+# The GNU C Library is free software; you can redistribute it and/or
|
|
|
dfa500 |
+# modify it under the terms of the GNU Lesser General Public
|
|
|
dfa500 |
+# License as published by the Free Software Foundation; either
|
|
|
dfa500 |
+# version 2.1 of the License, or (at your option) any later version.
|
|
|
dfa500 |
+#
|
|
|
dfa500 |
+# The GNU C Library is distributed in the hope that it will be useful,
|
|
|
dfa500 |
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
dfa500 |
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
dfa500 |
+# Lesser General Public License for more details.
|
|
|
dfa500 |
+#
|
|
|
dfa500 |
+# You should have received a copy of the GNU Lesser General Public
|
|
|
dfa500 |
+# License along with the GNU C Library; if not, see
|
|
|
dfa500 |
+# <https://www.gnu.org/licenses/>.
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+"""Check that the program headers do not contain write-exec segments."""
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+import argparse
|
|
|
dfa500 |
+import os.path
|
|
|
dfa500 |
+import re
|
|
|
dfa500 |
+import sys
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+# Regular expression to extract the RWE flags field. The
|
|
|
dfa500 |
+# address/offset columns have varying width.
|
|
|
dfa500 |
+RE_LOAD = re.compile(
|
|
|
dfa500 |
+ r'^ LOAD +(?:0x[0-9a-fA-F]+ +){5}([R ][W ][ E]) +0x[0-9a-fA-F]+\n\Z')
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+def process_file(path, inp, xfail):
|
|
|
dfa500 |
+ """Analyze one input file."""
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+ errors = 0
|
|
|
dfa500 |
+ for line in inp:
|
|
|
dfa500 |
+ error = None
|
|
|
dfa500 |
+ if line.startswith(' LOAD '):
|
|
|
dfa500 |
+ match = RE_LOAD.match(line)
|
|
|
dfa500 |
+ if match is None:
|
|
|
dfa500 |
+ error = 'Invalid LOAD line'
|
|
|
dfa500 |
+ else:
|
|
|
dfa500 |
+ flags, = match.groups()
|
|
|
dfa500 |
+ if 'W' in flags and 'E' in flags:
|
|
|
dfa500 |
+ if xfail:
|
|
|
dfa500 |
+ print('{}: warning: WX segment (as expected)'.format(
|
|
|
dfa500 |
+ path))
|
|
|
dfa500 |
+ else:
|
|
|
dfa500 |
+ error = 'WX segment'
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+ if error is not None:
|
|
|
dfa500 |
+ print('{}: error: {}: {!r}'.format(path, error, line.strip()))
|
|
|
dfa500 |
+ errors += 1
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+ if xfail and errors == 0:
|
|
|
dfa500 |
+ print('{}: warning: missing expected WX segment'.format(path))
|
|
|
dfa500 |
+ return errors
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+def main():
|
|
|
dfa500 |
+ """The main entry point."""
|
|
|
dfa500 |
+ parser = argparse.ArgumentParser(description=__doc__)
|
|
|
dfa500 |
+ parser.add_argument('--xfail',
|
|
|
dfa500 |
+ help='Mark input files as XFAILed ("*" for all)',
|
|
|
dfa500 |
+ type=str, default='')
|
|
|
dfa500 |
+ parser.add_argument('phdrs',
|
|
|
dfa500 |
+ help='Files containing readelf -Wl output',
|
|
|
dfa500 |
+ nargs='*')
|
|
|
dfa500 |
+ opts = parser.parse_args(sys.argv)
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+ xfails = set(opts.xfail.split(' '))
|
|
|
dfa500 |
+ xfails_all = opts.xfail.strip() == '*'
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+ errors = 0
|
|
|
dfa500 |
+ for path in opts.phdrs:
|
|
|
dfa500 |
+ xfail = ((os.path.basename(path) + '.phdrs') in xfails
|
|
|
dfa500 |
+ or xfails_all)
|
|
|
dfa500 |
+ with open(path) as inp:
|
|
|
dfa500 |
+ errors += process_file(path, inp, xfail)
|
|
|
dfa500 |
+ if errors > 0:
|
|
|
dfa500 |
+ sys.exit(1)
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+if __name__ == '__main__':
|
|
|
dfa500 |
+ main()
|
|
|
dfa500 |
diff --git a/sysdeps/sparc/Makefile b/sysdeps/sparc/Makefile
|
|
|
dfa500 |
index 3f0c0964002560f0..a1004e819c9b0c38 100644
|
|
|
dfa500 |
--- a/sysdeps/sparc/Makefile
|
|
|
dfa500 |
+++ b/sysdeps/sparc/Makefile
|
|
|
dfa500 |
@@ -16,5 +16,14 @@ CPPFLAGS-crti.S += -fPIC
|
|
|
dfa500 |
CPPFLAGS-crtn.S += -fPIC
|
|
|
dfa500 |
endif
|
|
|
dfa500 |
|
|
|
dfa500 |
+ifeq ($(subdir),elf)
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+# Lazy binding on SPARC rewrites the PLT sequence. See the Solaris
|
|
|
dfa500 |
+# Linker and Libraries Guide, section SPARC: Procedure Linkage Table.
|
|
|
dfa500 |
+# <https://docs.oracle.com/cd/E19455-01/816-0559/chapter6-1236/index.html>
|
|
|
dfa500 |
+test-xfail-check-wx-segment = *
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+endif # $(subdir) == elf
|
|
|
dfa500 |
+
|
|
|
dfa500 |
# The assembler on SPARC needs the -fPIC flag even when it's assembler code.
|
|
|
dfa500 |
ASFLAGS-.os += -fPIC
|
|
|
dfa500 |
diff --git a/sysdeps/unix/sysv/linux/hppa/Makefile b/sysdeps/unix/sysv/linux/hppa/Makefile
|
|
|
dfa500 |
index e1637f54f508c007..c89ec8318208205d 100644
|
|
|
dfa500 |
--- a/sysdeps/unix/sysv/linux/hppa/Makefile
|
|
|
dfa500 |
+++ b/sysdeps/unix/sysv/linux/hppa/Makefile
|
|
|
dfa500 |
@@ -3,9 +3,14 @@ ifeq ($(subdir),stdlib)
|
|
|
dfa500 |
gen-as-const-headers += ucontext_i.sym
|
|
|
dfa500 |
endif
|
|
|
dfa500 |
|
|
|
dfa500 |
+ifeq ($(subdir),elf)
|
|
|
dfa500 |
# Supporting non-executable stacks on HPPA requires changes to both
|
|
|
dfa500 |
# the Linux kernel and glibc. The kernel currently needs an executable
|
|
|
dfa500 |
# stack for syscall restarts and signal returns.
|
|
|
dfa500 |
-ifeq ($(subdir),elf)
|
|
|
dfa500 |
test-xfail-check-execstack = yes
|
|
|
dfa500 |
-endif
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+# On hppa, the PLT is executable because it contains an executable
|
|
|
dfa500 |
+# trampoline used during lazy binding.
|
|
|
dfa500 |
+test-xfail-check-wx-segment = *
|
|
|
dfa500 |
+
|
|
|
dfa500 |
+endif # $(subdir) == elf
|