|
 |
abe59f |
Downstream-only patch to change rtld_active () to return true during
|
|
|
abe59f |
early audit operations. GLRO (_dl_profile_output) is initialized much
|
|
|
abe59f |
earlier than GLRO (dl_init_all_dirs), before auditors run, so it is a
|
|
|
abe59f |
good replacement.
|
|
|
abe59f |
|
|
|
abe59f |
This is addressed downstream very differently, in this commit:
|
|
|
abe59f |
|
|
|
abe59f |
commit 8dcb6d0af07fda3607b541857e4f3970a74ed55b
|
|
|
abe59f |
Author: Florian Weimer <fweimer@redhat.com>
|
|
|
abe59f |
Date: Tue Apr 26 14:23:02 2022 +0200
|
|
|
abe59f |
|
|
|
abe59f |
dlfcn: Do not use rtld_active () to determine ld.so state (bug 29078)
|
|
|
abe59f |
|
|
|
abe59f |
When audit modules are loaded, ld.so initialization is not yet
|
|
|
abe59f |
complete, and rtld_active () returns false even though ld.so is
|
|
|
abe59f |
mostly working. Instead, the static dlopen hook is used, but that
|
|
|
abe59f |
does not work at all because this is not a static dlopen situation.
|
|
|
abe59f |
|
|
|
abe59f |
Commit 466c1ea15f461edb8e3ffaf5d86d708876343bbf ("dlfcn: Rework
|
|
|
abe59f |
static dlopen hooks") moved the hook pointer into _rtld_global_ro,
|
|
|
abe59f |
which means that separate protection is not needed anymore and the
|
|
|
abe59f |
hook pointer can be checked directly.
|
|
|
abe59f |
|
|
|
abe59f |
The guard for disabling libio vtable hardening in _IO_vtable_check
|
|
|
abe59f |
should stay for now.
|
|
|
abe59f |
|
|
|
abe59f |
Fixes commit 8e1472d2c1e25e6eabc2059170731365f6d5b3d1 ("ld.so:
|
|
|
abe59f |
Examine GLRO to detect inactive loader [BZ #20204]").
|
|
|
abe59f |
|
|
|
abe59f |
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
|
|
abe59f |
|
|
|
abe59f |
diff --git a/elf/rtld.c b/elf/rtld.c
|
|
|
abe59f |
index 22cceeab40319582..b47e84ca2fb6f03c 100644
|
|
|
abe59f |
--- a/elf/rtld.c
|
|
|
abe59f |
+++ b/elf/rtld.c
|
|
|
abe59f |
@@ -2352,9 +2352,7 @@ ERROR: '%s': cannot process note segment.\n", _dl_argv[0]);
|
|
|
abe59f |
GLRO(dl_initial_searchlist) = *GL(dl_ns)[LM_ID_BASE]._ns_main_searchlist;
|
|
|
abe59f |
|
|
|
abe59f |
/* Remember the last search directory added at startup, now that
|
|
|
abe59f |
- malloc will no longer be the one from dl-minimal.c. As a side
|
|
|
abe59f |
- effect, this marks ld.so as initialized, so that the rtld_active
|
|
|
abe59f |
- function returns true from now on. */
|
|
|
abe59f |
+ malloc will no longer be the one from dl-minimal.c. */
|
|
|
abe59f |
GLRO(dl_init_all_dirs) = GL(dl_all_dirs);
|
|
|
abe59f |
|
|
|
abe59f |
/* Print scope information. */
|
|
|
abe59f |
@@ -2675,7 +2673,9 @@ process_envvars (struct dl_main_state *state)
|
|
|
abe59f |
char *envline;
|
|
|
abe59f |
char *debug_output = NULL;
|
|
|
abe59f |
|
|
|
abe59f |
- /* This is the default place for profiling data file. */
|
|
|
abe59f |
+ /* This is the default place for profiling data file. As a side
|
|
|
abe59f |
+ effect, this marks ld.so as initialized, so that the rtld_active
|
|
|
abe59f |
+ function returns true from now on. */
|
|
|
abe59f |
GLRO(dl_profile_output)
|
|
|
abe59f |
= &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
|
|
|
abe59f |
|
|
|
abe59f |
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
|
|
|
abe59f |
index d4f70211c34d1c59..9dec9e3d3b6d6aa2 100644
|
|
|
abe59f |
--- a/sysdeps/generic/ldsodefs.h
|
|
|
abe59f |
+++ b/sysdeps/generic/ldsodefs.h
|
|
|
abe59f |
@@ -600,18 +600,18 @@ struct rtld_global_ro
|
|
|
abe59f |
|
|
|
abe59f |
/* Name of the shared object to be profiled (if any). */
|
|
|
abe59f |
EXTERN const char *_dl_profile;
|
|
|
abe59f |
- /* Filename of the output file. */
|
|
|
abe59f |
+ /* Filename of the output file. This is assigned a
|
|
|
abe59f |
+ non-NULL pointer by the ld.so startup code (after initialization
|
|
|
abe59f |
+ to NULL), so this can also serve as an indicator whether a copy
|
|
|
abe59f |
+ of ld.so is initialized and active. See the rtld_active function
|
|
|
abe59f |
+ below. */
|
|
|
abe59f |
EXTERN const char *_dl_profile_output;
|
|
|
abe59f |
/* Name of the object we want to trace the prelinking. */
|
|
|
abe59f |
EXTERN const char *_dl_trace_prelink;
|
|
|
abe59f |
/* Map of shared object to be prelink traced. */
|
|
|
abe59f |
EXTERN struct link_map *_dl_trace_prelink_map;
|
|
|
abe59f |
|
|
|
abe59f |
- /* All search directories defined at startup. This is assigned a
|
|
|
abe59f |
- non-NULL pointer by the ld.so startup code (after initialization
|
|
|
abe59f |
- to NULL), so this can also serve as an indicator whether a copy
|
|
|
abe59f |
- of ld.so is initialized and active. See the rtld_active function
|
|
|
abe59f |
- below. */
|
|
|
abe59f |
+ /* All search directories defined at startup. */
|
|
|
abe59f |
EXTERN struct r_search_path_elem *_dl_init_all_dirs;
|
|
|
abe59f |
|
|
|
abe59f |
#ifdef NEED_DL_SYSINFO
|
|
|
abe59f |
@@ -1259,9 +1259,9 @@ static inline bool
|
|
|
abe59f |
rtld_active (void)
|
|
|
abe59f |
{
|
|
|
abe59f |
/* The default-initialized variable does not have a non-zero
|
|
|
abe59f |
- dl_init_all_dirs member, so this allows us to recognize an
|
|
|
abe59f |
+ dl_profile_output member, so this allows us to recognize an
|
|
|
abe59f |
initialized and active ld.so copy. */
|
|
|
abe59f |
- return GLRO(dl_init_all_dirs) != NULL;
|
|
|
abe59f |
+ return GLRO(dl_profile_output) != NULL;
|
|
|
abe59f |
}
|
|
|
abe59f |
|
|
|
abe59f |
static inline struct auditstate *
|