2 files changed, 25 insertions, 3 deletions

diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
index 4ff8bbf217..53c3290e01 100644
--- a/sysdeps/generic/ldsodefs.h
+++ b/sysdeps/generic/ldsodefs.h
@@ -171,6 +171,17 @@ struct libname_list
   };
 
 
+/* Bit masks for the objects which valid callers can come from to
+   functions with restricted interface.  */
+enum allowmask
+  {
+    allow_libc = 1,
+    allow_libdl = 2,
+    allow_libpthread = 4,
+    allow_ldso = 8
+  };
+
+
 /* Test whether given NAME matches any of the names of the given object.  */
 extern int _dl_name_match_p (const char *__name, struct link_map *__map)
      internal_function;
@@ -492,6 +503,7 @@ struct rtld_global_ro
 						     const struct r_found_version *,
 						     int, int,
 						     struct link_map *);
+  int (*_dl_check_caller) (const void *, enum allowmask);
 
 };
 # define __rtld_global_attribute__
@@ -878,6 +890,10 @@ extern size_t _dl_dst_count (const char *name, int is_path) attribute_hidden;
 extern char *_dl_dst_substitute (struct link_map *l, const char *name,
 				 char *result, int is_path) attribute_hidden;
 
+/* Check validity of the caller.  */
+extern int _dl_check_caller (const void *caller, enum allowmask mask)
+     attribute_hidden;
+
 __END_DECLS
 
 #endif /* ldsodefs.h */
diff --git a/sysdeps/unix/sysv/linux/dl-execstack.c b/sysdeps/unix/sysv/linux/dl-execstack.c
index d3b048192c..248196040a 100644
--- a/sysdeps/unix/sysv/linux/dl-execstack.c
+++ b/sysdeps/unix/sysv/linux/dl-execstack.c
@@ -20,8 +20,10 @@
 #include <ldsodefs.h>
 #include <sys/mman.h>
 #include <errno.h>
+#include <libintl.h>
 #include <stdbool.h>
 #include <stackinfo.h>
+#include <caller.h>
 
 #include "kernel-features.h"
 
@@ -31,13 +33,14 @@ internal_function
 _dl_make_stack_executable (void **stack_endp)
 {
   /* This gives us the highest/lowest page that needs to be changed.  */
-  uintptr_t page = ((uintptr_t) __libc_stack_end
+  uintptr_t page = ((uintptr_t) *stack_endp
 		    & -(intptr_t) GLRO(dl_pagesize));
 
   /* Challenge the caller.  */
-  if (__builtin_expect (*stack_endp != __libc_stack_end, 0))
+  if (__builtin_expect (__check_caller (__builtin_return_address (0),
+					allow_ldso|allow_libpthread) != 0, 0)
+      || __builtin_expect (*stack_endp != __libc_stack_end, 0))
     return EPERM;
-  *stack_endp = NULL;
 
 #if _STACK_GROWS_DOWN
   /* Newer Linux kernels support a flag to make our job easy.  */
@@ -151,6 +154,9 @@ _dl_make_stack_executable (void **stack_endp)
 #endif
 
  return_success:
+  /* Clear the address.  */
+  *stack_endp = NULL;
+
   /* Remember that we changed the permission.  */
   GL(dl_stack_flags) |= PF_X;