diff options
| author | Ulrich Drepper <drepper@redhat.com> | 2007-10-31 15:28:30 +0000 |
|---|---|---|
| committer | Ulrich Drepper <drepper@redhat.com> | 2007-10-31 15:28:30 +0000 |
| commit | 4c48ef06b4037694d9a548a088f64b6e2f2bb7cf (patch) | |
| tree | e2b1ee1509b7115425efb17b2ac57bafbd9c0914 /elf | |
| parent | 31e2791ced09084cca6880375fab06f3dbc8f212 (diff) | |
| download | glibc-4c48ef06b4037694d9a548a088f64b6e2f2bb7cf.tar.gz glibc-4c48ef06b4037694d9a548a088f64b6e2f2bb7cf.tar.xz glibc-4c48ef06b4037694d9a548a088f64b6e2f2bb7cf.zip | |
* elf/rtld.c (dl_main): Initialize stack and pointer guard early
when using auditing libraries.
Diffstat (limited to 'elf')
| -rw-r--r-- | elf/rtld.c | 62 |
1 files changed, 39 insertions, 23 deletions
diff --git a/elf/rtld.c b/elf/rtld.c index 7612a69324..6df81fb2c1 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -833,6 +833,35 @@ rtld_lock_default_unlock_recursive (void *lock) #endif +static void +security_init (void) +{ + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +#ifdef THREAD_SET_STACK_GUARD + THREAD_SET_STACK_GUARD (stack_chk_guard); +#else + __stack_chk_guard = stack_chk_guard; +#endif + + /* Set up the pointer guard as well, if necessary. */ + if (GLRO(dl_pointer_guard)) + { + // XXX If it is cheap, we should use a separate value. + uintptr_t pointer_chk_guard = stack_chk_guard; +#ifndef HP_TIMING_NONAVAIL + hp_timing_t now; + HP_TIMING_NOW (now); + pointer_chk_guard ^= now; +#endif +#ifdef THREAD_SET_POINTER_GUARD + THREAD_SET_POINTER_GUARD (pointer_chk_guard); +#endif + __pointer_chk_guard_local = pointer_chk_guard; + } +} + + /* The library search path. */ static const char *library_path attribute_relro; /* The list preloaded objects. */ @@ -1405,6 +1434,12 @@ of this helper program; chances are you did not intend to run this program.\n\ initialize the data structures now. */ tcbp = init_tls (); + /* Initialize security features. We need to do it this early + since otherwise the constructors of the audit libraries will + use different values (especially the pointer guard) and will + fail later on. */ + security_init (); + do { int tls_idx = GL(dl_tls_max_dtv_idx); @@ -1815,29 +1850,10 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", if (tcbp == NULL) tcbp = init_tls (); - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); -#ifdef THREAD_SET_STACK_GUARD - THREAD_SET_STACK_GUARD (stack_chk_guard); -#else - __stack_chk_guard = stack_chk_guard; -#endif - - /* Set up the pointer guard as well, if necessary. */ - if (GLRO(dl_pointer_guard)) - { - // XXX If it is cheap, we should use a separate value. - uintptr_t pointer_chk_guard = stack_chk_guard; -#ifndef HP_TIMING_NONAVAIL - hp_timing_t now; - HP_TIMING_NOW (now); - pointer_chk_guard ^= now; -#endif -#ifdef THREAD_SET_POINTER_GUARD - THREAD_SET_POINTER_GUARD (pointer_chk_guard); -#endif - __pointer_chk_guard_local = pointer_chk_guard; - } + if (__builtin_expect (audit_list == NULL, 1)) + /* Initialize security features. But only if we have not done it + earlier. */ + security_init (); if (__builtin_expect (mode, normal) != normal) { |