diff options
| author | Florian Weimer <fweimer@redhat.com> | 2017-12-18 20:04:13 +0100 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2017-12-18 20:04:13 +0100 |
| commit | 8e1472d2c1e25e6eabc2059170731365f6d5b3d1 (patch) | |
| tree | 5b29308e6b00178a34422b6f7bb7b4f9252801dc /elf | |
| parent | 49b036bce9f021ae994a85aee8b410d20b29c8b7 (diff) | |
ld.so: Examine GLRO to detect inactive loader [BZ #20204]
GLRO (_rtld_global_ro) is read-only after initialization and can
therefore not be patched at run time, unlike the hook table addresses
and their contents, so this is a desirable hardening feature.
The hooks are only needed if ld.so has not been initialized, and this
happens only after static dlopen (dlmopen uses a single ld.so object
across all namespaces).
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Diffstat (limited to 'elf')
| -rw-r--r-- | elf/dl-libc.c | 6 | ||||
| -rw-r--r-- | elf/rtld.c | 4 |
2 files changed, 6 insertions, 4 deletions
diff --git a/elf/dl-libc.c b/elf/dl-libc.c index bd3c18d20f..7d9a8948f3 100644 --- a/elf/dl-libc.c +++ b/elf/dl-libc.c @@ -157,7 +157,7 @@ __libc_dlopen_mode (const char *name, int mode) args.caller_dlopen = RETURN_ADDRESS (0); #ifdef SHARED - if (__glibc_unlikely (_dl_open_hook != NULL)) + if (!rtld_active ()) return _dl_open_hook->dlopen_mode (name, mode); return (dlerror_run (do_dlopen, &args) ? NULL : (void *) args.map); #else @@ -203,7 +203,7 @@ __libc_dlsym (void *map, const char *name) args.name = name; #ifdef SHARED - if (__glibc_unlikely (_dl_open_hook != NULL)) + if (!rtld_active ()) return _dl_open_hook->dlsym (map, name); #endif return (dlerror_run (do_dlsym, &args) ? NULL @@ -215,7 +215,7 @@ int __libc_dlclose (void *map) { #ifdef SHARED - if (__glibc_unlikely (_dl_open_hook != NULL)) + if (!rtld_active ()) return _dl_open_hook->dlclose (map); #endif return dlerror_run (do_dlclose, map); diff --git a/elf/rtld.c b/elf/rtld.c index cfd3729b8e..c01b7e3641 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2096,7 +2096,9 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", GLRO(dl_initial_searchlist) = *GL(dl_ns)[LM_ID_BASE]._ns_main_searchlist; /* Remember the last search directory added at startup, now that - malloc will no longer be the one from dl-minimal.c. */ + malloc will no longer be the one from dl-minimal.c. As a side + effect, this marks ld.so as initialized, so that the rtld_active + function returns true from now on. */ GLRO(dl_init_all_dirs) = GL(dl_all_dirs); /* Print scope information. */ |