diff options
| author | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2018-06-15 16:14:58 +0100 |
|---|---|---|
| committer | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2022-05-17 10:14:03 +0100 |
| commit | ad43cac44a6860eaefcadadfb2acb349921e96bf (patch) | |
| tree | ca4d0de68d4127997785ee0b2a8a7ef97d21669f /sysdeps/mach/hurd | |
| parent | d055481ce39d03652ac60de5078889e15b6917ff (diff) | |
| download | glibc-ad43cac44a6860eaefcadadfb2acb349921e96bf.tar.gz glibc-ad43cac44a6860eaefcadadfb2acb349921e96bf.tar.xz glibc-ad43cac44a6860eaefcadadfb2acb349921e96bf.zip | |
rtld: Use generic argv adjustment in ld.so [BZ #23293]
When an executable is invoked as ./ld.so [ld.so-args] ./exe [exe-args] then the argv is adujusted in ld.so before calling the entry point of the executable so ld.so args are not visible to it. On most targets this requires moving argv, env and auxv on the stack to ensure correct stack alignment at the entry point. This had several issues: - The code for this adjustment on the stack is written in asm as part of the target specific ld.so _start code which is hard to maintain. - The adjustment is done after _dl_start returns, where it's too late to update GLRO(dl_auxv), as it is already readonly, so it points to memory that was clobbered by the adjustment. This is bug 23293. - _environ is also wrong in ld.so after the adjustment, but it is likely not used after _dl_start returns so this is not user visible. - _dl_argv was updated, but for this it was moved out of relro, which changes security properties across targets unnecessarily. This patch introduces a generic _dl_start_args_adjust function that handles the argument adjustments after ld.so processed its own args and before relro protection is applied. The same algorithm is used on all targets, _dl_skip_args is now 0, so existing target specific adjustment code is no longer used. The bug affects aarch64, alpha, arc, arm, csky, ia64, nios2, s390-32 and sparc, other targets don't need the change in principle, only for consistency. The GNU Hurd start code relied on _dl_skip_args after dl_main returned, now it checks directly if args were adjusted and fixes the Hurd startup data accordingly. Follow up patches can remove _dl_skip_args and DL_ARGV_NOT_RELRO. Tested on aarch64-linux-gnu and cross tested on i686-gnu. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Diffstat (limited to 'sysdeps/mach/hurd')
| -rw-r--r-- | sysdeps/mach/hurd/dl-sysdep.c | 30 |
1 files changed, 13 insertions, 17 deletions
diff --git a/sysdeps/mach/hurd/dl-sysdep.c b/sysdeps/mach/hurd/dl-sysdep.c index 3cbe075615..8373962e62 100644 --- a/sysdeps/mach/hurd/dl-sysdep.c +++ b/sysdeps/mach/hurd/dl-sysdep.c @@ -76,6 +76,7 @@ _dl_sysdep_start (void **start_argptr, { void go (intptr_t *argdata) { + char *orig_argv0; char **p; /* Cache the information in various global variables. */ @@ -84,6 +85,8 @@ _dl_sysdep_start (void **start_argptr, _environ = &_dl_argv[_dl_argc + 1]; for (p = _environ; *p++;); /* Skip environ pointers and terminator. */ + orig_argv0 = _dl_argv[0]; + if ((void *) p == _dl_argv[0]) { static struct hurd_startup_data nodata; @@ -173,30 +176,23 @@ _dl_sysdep_start (void **start_argptr, /* The call above might screw a few things up. - First of all, if _dl_skip_args is nonzero, we are ignoring - the first few arguments. However, if we have no Hurd startup - data, it is the magical convention that ARGV[0] == P. The + P is the location after the terminating NULL of the list of + environment variables. It has to point to the Hurd startup + data or if that's missing then P == ARGV[0] must hold. The startup code in init-first.c will get confused if this is not the case, so we must rearrange things to make it so. We'll - overwrite the origional ARGV[0] at P with ARGV[_dl_skip_args]. + recompute P and move the Hurd data or the new ARGV[0] there. - Secondly, if we need to be secure, it removes some dangerous - environment variables. If we have no Hurd startup date this - changes P (since that's the location after the terminating - NULL in the list of environment variables). We do the same - thing as in the first case but make sure we recalculate P. - If we do have Hurd startup data, we have to move the data - such that it starts just after the terminating NULL in the - environment list. + Note: directly invoked ld.so can move arguments and env vars. We use memmove, since the locations might overlap. */ - if (__libc_enable_secure || _dl_skip_args) - { - char **newp; - for (newp = _environ; *newp++;); + char **newp; + for (newp = _environ; *newp++;); - if (_dl_argv[-_dl_skip_args] == (char *) p) + if (newp != p || _dl_argv[0] != orig_argv0) + { + if (orig_argv0 == (char *) p) { if ((char *) newp != _dl_argv[0]) { |