diff options
-rw-r--r-- | ChangeLog | 20 | ||||
-rw-r--r-- | elf/dl-support.c | 8 | ||||
-rw-r--r-- | elf/dl-sysdep.c | 7 | ||||
-rw-r--r-- | elf/rtld.c | 18 | ||||
-rw-r--r-- | sysdeps/generic/dl-osinfo.h | 29 | ||||
-rw-r--r-- | sysdeps/generic/ldsodefs.h | 5 | ||||
-rw-r--r-- | sysdeps/unix/sysv/linux/dl-osinfo.h | 56 |
7 files changed, 112 insertions, 31 deletions
diff --git a/ChangeLog b/ChangeLog index 19427d8f42..f8a5cde3ef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,23 @@ +2009-01-10 Ulrich Drepper <drepper@redhat.com> + + * sysdeps/generic/dl-osinfo.h (_dl_setup_stack_chk_guard): Take + one parameter. If non-NULL use it to initialize return value. + (_dl_setup_pointer_guard): New function. + * sysdeps/unix/sysv/linux/dl-osinfo.h: Likewise. + * sysdeps/generic/ldsodefs.h: Declare _dl_random. + * elf/rtld.c (security_init): Pass _dl_random to + _dl_setup_stack_chk_guard. Call _dl_setup_pointer_guard to initialize + pointer_chk_guard. + * elf/dl-sysdep.c (_dl_random): New variable. + (_dl_sysdep_start): Handle AT_RANDOM. + (_dl_show_auxv): Likewise. + * elf/dl-support.c (_dl_random): New variable. + (_dl_aux_init): Handle AT_RANDOM. + * csu/libc-start.c [!SHARED] (libc_start_main): Pass _dl_random + to _dl_setup_stack_chk_guard. + + * elf/elf.h (AT_RANDOM): Define AT_BASE_PLATFORM and AT_RANDOM. + 2009-01-10 Roland McGrath <roland@redhat.com> * nscd/nscd.c (parse_opt): Use argp_error for bad -i argument. diff --git a/elf/dl-support.c b/elf/dl-support.c index 6bd573ec57..59a8dd9b97 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -1,5 +1,5 @@ /* Support for dynamic linking code in static libc. - Copyright (C) 1996-2005, 2006, 2007, 2008 Free Software Foundation, Inc. + Copyright (C) 1996-2008, 2009 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -84,6 +84,9 @@ struct r_scope_elem _dl_initial_searchlist; int _dl_starting_up = 1; #endif +/* Random data provided by the kernel. */ +void *_dl_random; + /* Get architecture specific initializer. */ #include <dl-procinfo.c> @@ -216,6 +219,9 @@ _dl_aux_init (ElfW(auxv_t) *av) __libc_enable_secure = av->a_un.a_val; __libc_enable_secure_decided = 1; break; + case AT_RANDOM: + _dl_random = (void *) av->a_un.a_val; + break; # ifdef DL_PLATFORM_AUXV DL_PLATFORM_AUXV # endif diff --git a/elf/dl-sysdep.c b/elf/dl-sysdep.c index e6f4272a63..a44bee7086 100644 --- a/elf/dl-sysdep.c +++ b/elf/dl-sysdep.c @@ -1,5 +1,5 @@ /* Operating system support for run-time dynamic linker. Generic Unix version. - Copyright (C) 1995-1998, 2000-2007, 2008 Free Software Foundation, Inc. + Copyright (C) 1995-1998, 2000-2008, 2009 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -62,6 +62,7 @@ int __libc_multiple_libcs = 0; /* Defining this here avoids the inclusion void *__libc_stack_end attribute_relro = NULL; rtld_hidden_data_def(__libc_stack_end) static ElfW(auxv_t) *_dl_auxv attribute_relro; +void *_dl_random attribute_relro = NULL; #ifndef DL_FIND_ARG_COMPONENTS # define DL_FIND_ARG_COMPONENTS(cookie, argc, argv, envp, auxp) \ @@ -173,6 +174,9 @@ _dl_sysdep_start (void **start_argptr, GLRO(dl_sysinfo_dso) = (void *) av->a_un.a_val; break; #endif + case AT_RANDOM: + _dl_random = (void *) av->a_un.a_val; + break; #ifdef DL_PLATFORM_AUXV DL_PLATFORM_AUXV #endif @@ -294,6 +298,7 @@ _dl_show_auxv (void) [AT_SECURE - 2] = { "AT_SECURE: ", dec }, [AT_SYSINFO - 2] = { "AT_SYSINFO: 0x", hex }, [AT_SYSINFO_EHDR - 2] = { "AT_SYSINFO_EHDR: 0x", hex }, + [AT_RANDOM - 2] = { "AT_RANDOM: 0x", hex }, }; unsigned int idx = (unsigned int) (av->a_type - 2); diff --git a/elf/rtld.c b/elf/rtld.c index 46bece7fa3..aa4c030f73 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1,5 +1,5 @@ /* Run time dynamic linker. - Copyright (C) 1995-2006, 2007, 2008 Free Software Foundation, Inc. + Copyright (C) 1995-2006, 2007, 2008, 2009 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -841,7 +841,7 @@ static void security_init (void) { /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (_dl_random); #ifdef THREAD_SET_STACK_GUARD THREAD_SET_STACK_GUARD (stack_chk_guard); #else @@ -851,18 +851,18 @@ security_init (void) /* Set up the pointer guard as well, if necessary. */ if (GLRO(dl_pointer_guard)) { - // XXX If it is cheap, we should use a separate value. - uintptr_t pointer_chk_guard = stack_chk_guard; -#ifndef HP_TIMING_NONAVAIL - hp_timing_t now; - HP_TIMING_NOW (now); - pointer_chk_guard ^= now; -#endif + uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random, + stack_chk_guard); #ifdef THREAD_SET_POINTER_GUARD THREAD_SET_POINTER_GUARD (pointer_chk_guard); #endif __pointer_chk_guard_local = pointer_chk_guard; } + + /* We do not need the _dl_random value anymore. The less + information we leave behind, the better, so clear the + variable. */ + _dl_random = NULL; } diff --git a/sysdeps/generic/dl-osinfo.h b/sysdeps/generic/dl-osinfo.h index 60b84a900d..02ec28d424 100644 --- a/sysdeps/generic/dl-osinfo.h +++ b/sysdeps/generic/dl-osinfo.h @@ -1,12 +1,29 @@ #include <stdint.h> static inline uintptr_t __attribute__ ((always_inline)) -_dl_setup_stack_chk_guard (void) +_dl_setup_stack_chk_guard (void *dl_random) { - uintptr_t ret = 0; - unsigned char *p = (unsigned char *) &ret; - p[sizeof (ret) - 1] = 255; - p[sizeof (ret) - 2] = '\n'; - p[0] = 0; + uintptr_t ret; + if (dl_random == NULL) + { + ret = 0; + unsigned char *p = (unsigned char *) &ret; + p[sizeof (ret) - 1] = 255; + p[sizeof (ret) - 2] = '\n'; + p[0] = 0; + } + else + memcmp (&ret, dl_random, sizeof (ret)); + return ret; +} + +static inline uintptr_t __attribute__ ((always_inline)) +_dl_setup_pointer_guard (void *dl_random, uintptr_t stack_chk_guard) +{ + uintptr_t ret; + if (dl_random == NULL) + ret = stack_chk_guard; + else + memcmp (&ret, (char *) dl_random + sizeof (ret), sizeof (ret)); return ret; } diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index 4d857404a3..e00b173f49 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -1,5 +1,5 @@ /* Run-time dynamic linker data structures for loaded ELF shared objects. - Copyright (C) 1995-2006, 2007, 2008 Free Software Foundation, Inc. + Copyright (C) 1995-2006, 2007, 2008, 2009 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -731,6 +731,9 @@ weak_extern (_dl_starting_up) extern int _dl_starting_up_internal attribute_hidden; #endif +/* Random data provided by the kernel. */ +extern void *_dl_random attribute_hidden; + /* OS-dependent function to open the zero-fill device. */ extern int _dl_sysdep_open_zero_fill (void); /* dl-sysdep.c */ diff --git a/sysdeps/unix/sysv/linux/dl-osinfo.h b/sysdeps/unix/sysv/linux/dl-osinfo.h index 5271d4e4de..415002b1b2 100644 --- a/sysdeps/unix/sysv/linux/dl-osinfo.h +++ b/sysdeps/unix/sysv/linux/dl-osinfo.h @@ -1,5 +1,5 @@ /* Operating system specific code for generic dynamic loader functions. Linux. - Copyright (C) 2000-2002,2004-2007,2008 Free Software Foundation, Inc. + Copyright (C) 2000-2002,2004-2008, 2009 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -60,22 +60,52 @@ dl_fatal (const char *str) } while (0) static inline uintptr_t __attribute__ ((always_inline)) -_dl_setup_stack_chk_guard (void) +_dl_setup_stack_chk_guard (void *dl_random) { uintptr_t ret; -#ifdef ENABLE_STACKGUARD_RANDOMIZE - int fd = __open ("/dev/urandom", O_RDONLY); - if (fd >= 0) +#ifndef __ASSUME_AT_RANDOM + if (__builtin_expect (dl_random == NULL, 0)) { - ssize_t reslen = __read (fd, &ret, sizeof (ret)); - __close (fd); - if (reslen == (ssize_t) sizeof (ret)) - return ret; +# ifdef ENABLE_STACKGUARD_RANDOMIZE + int fd = __open ("/dev/urandom", O_RDONLY); + if (fd >= 0) + { + ssize_t reslen = __read (fd, &ret, sizeof (ret)); + __close (fd); + if (reslen == (ssize_t) sizeof (ret)) + return ret; + } +# endif + ret = 0; + unsigned char *p = (unsigned char *) &ret; + p[sizeof (ret) - 1] = 255; + p[sizeof (ret) - 2] = '\n'; } + else #endif - ret = 0; - unsigned char *p = (unsigned char *) &ret; - p[sizeof (ret) - 1] = 255; - p[sizeof (ret) - 2] = '\n'; + /* We need in the moment only 8 bytes on 32-bit platforms and 16 + bytes on 64-bit platforms. Therefore we can use the data + directly and not use the kernel-provided data to seed a PRNG. */ + memcpy (&ret, dl_random, sizeof (ret)); + return ret; +} + +static inline uintptr_t __attribute__ ((always_inline)) +_dl_setup_pointer_guard (void *dl_random, uintptr_t stack_chk_guard) +{ + uintptr_t ret; +#ifndef __ASSUME_AT_RANDOM + if (dl_random == NULL) + { + ret = stack_chk_guard; +# ifndef HP_TIMING_NONAVAIL + hp_timing_t now; + HP_TIMING_NOW (now); + ret ^= now; +# endif + } + else +#endif + memcpy (&ret, (char *) dl_random + sizeof (ret), sizeof (ret)); return ret; } |