ld.so: Examine GLRO to detect inactive loader [BZ #20204]

GLRO (_rtld_global_ro) is read-only after initialization and can
therefore not be patched at run time, unlike the hook table addresses
and their contents, so this is a desirable hardening feature.

The hooks are only needed if ld.so has not been initialized, and this
happens only after static dlopen (dlmopen uses a single ld.so object
across all namespaces).

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

1 files changed, 22 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index c5ee8fc91a..a46375fd56 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,25 @@
+2017-12-18  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #20204]
+	ld.so: Harden dl-libc/libdl hooks.
+	* sysdeps/generic/ldsodefs.h (_dl_init_all_dirs): Update comment.
+	(rtld_active): New function.
+	* dlfcn/dladdr.c (__dladdr): Call it.
+	* dlfcn/dladdr1.c (__dladdr1): Likewise.
+	* dlfcn/dlclose.c (__dlcose): Likewise.
+	* dlfcn/dlerror.c (__dlerror): Likewise.
+	* dlfcn/dlinfo.c (__dlinfo): Likewise.
+	* dlfcn/dlmopen.c (__dlmopen): Likewise.
+	* dlfcn/dlopen.c (__dlopen): Likewise.
+	* dlfcn/dlopenold.c (__dlopen_nocheck): Likewise.
+	* dlfcn/dlsym.c (__dlsym): Likewise.
+	* dlfcn/dlvsym.c (__dlvsym): Likewise.
+	* libio/vtables.c (_IO_vtable_check): Likewise.
+	* elf/dl-libc.c (__libc_dlopen_mode, __libc_dlsym)
+	(__libc_dlclose): Likewise.
+	* elf/rtld.c (dl_main): Update comment on the _dl_init_all_dirs
+	assignment.
+
 2017-12-18  Joseph Myers  <joseph@codesourcery.com>
 
 	[BZ #22446]