about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--elf/rtld.c62
2 files changed, 44 insertions, 23 deletions
diff --git a/ChangeLog b/ChangeLog
index e8afd16cdb..38f9a33a1a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2007-10-31  Ulrich Drepper  <drepper@redhat.com>
+
+	* elf/rtld.c (dl_main): Initialize stack and pointer guard early
+	when using auditing libraries.
+
 2007-10-29  Ulrich Drepper  <drepper@redhat.com>
 
 	* resolv/Versions [libresolv] (GLIBC_PRIVATE): Add
diff --git a/elf/rtld.c b/elf/rtld.c
index 7612a69324..6df81fb2c1 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -833,6 +833,35 @@ rtld_lock_default_unlock_recursive (void *lock)
 #endif
 
 
+static void
+security_init (void)
+{
+  /* Set up the stack checker's canary.  */
+  uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+#ifdef THREAD_SET_STACK_GUARD
+  THREAD_SET_STACK_GUARD (stack_chk_guard);
+#else
+  __stack_chk_guard = stack_chk_guard;
+#endif
+
+  /* Set up the pointer guard as well, if necessary.  */
+  if (GLRO(dl_pointer_guard))
+    {
+      // XXX If it is cheap, we should use a separate value.
+      uintptr_t pointer_chk_guard = stack_chk_guard;
+#ifndef HP_TIMING_NONAVAIL
+      hp_timing_t now;
+      HP_TIMING_NOW (now);
+      pointer_chk_guard ^= now;
+#endif
+#ifdef THREAD_SET_POINTER_GUARD
+      THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+#endif
+      __pointer_chk_guard_local = pointer_chk_guard;
+    }
+}
+
+
 /* The library search path.  */
 static const char *library_path attribute_relro;
 /* The list preloaded objects.  */
@@ -1405,6 +1434,12 @@ of this helper program; chances are you did not intend to run this program.\n\
 	 initialize the data structures now.  */
       tcbp = init_tls ();
 
+      /* Initialize security features.  We need to do it this early
+	 since otherwise the constructors of the audit libraries will
+	 use different values (especially the pointer guard) and will
+	 fail later on.  */
+      security_init ();
+
       do
 	{
 	  int tls_idx = GL(dl_tls_max_dtv_idx);
@@ -1815,29 +1850,10 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
   if (tcbp == NULL)
     tcbp = init_tls ();
 
-  /* Set up the stack checker's canary.  */
-  uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
-#ifdef THREAD_SET_STACK_GUARD
-  THREAD_SET_STACK_GUARD (stack_chk_guard);
-#else
-  __stack_chk_guard = stack_chk_guard;
-#endif
-
-  /* Set up the pointer guard as well, if necessary.  */
-  if (GLRO(dl_pointer_guard))
-    {
-      // XXX If it is cheap, we should use a separate value.
-      uintptr_t pointer_chk_guard = stack_chk_guard;
-#ifndef HP_TIMING_NONAVAIL
-      hp_timing_t now;
-      HP_TIMING_NOW (now);
-      pointer_chk_guard ^= now;
-#endif
-#ifdef THREAD_SET_POINTER_GUARD
-      THREAD_SET_POINTER_GUARD (pointer_chk_guard);
-#endif
-      __pointer_chk_guard_local = pointer_chk_guard;
-    }
+  if (__builtin_expect (audit_list == NULL, 1))
+    /* Initialize security features.  But only if we have not done it
+       earlier.  */
+    security_init ();
 
   if (__builtin_expect (mode, normal) != normal)
     {