diff options
Diffstat (limited to 'elf')
| -rw-r--r-- | elf/rtld.c | 62 |
1 files changed, 39 insertions, 23 deletions
diff --git a/elf/rtld.c b/elf/rtld.c index 7612a69324..6df81fb2c1 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -833,6 +833,35 @@ rtld_lock_default_unlock_recursive (void *lock) #endif +static void +security_init (void) +{ + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +#ifdef THREAD_SET_STACK_GUARD + THREAD_SET_STACK_GUARD (stack_chk_guard); +#else + __stack_chk_guard = stack_chk_guard; +#endif + + /* Set up the pointer guard as well, if necessary. */ + if (GLRO(dl_pointer_guard)) + { + // XXX If it is cheap, we should use a separate value. + uintptr_t pointer_chk_guard = stack_chk_guard; +#ifndef HP_TIMING_NONAVAIL + hp_timing_t now; + HP_TIMING_NOW (now); + pointer_chk_guard ^= now; +#endif +#ifdef THREAD_SET_POINTER_GUARD + THREAD_SET_POINTER_GUARD (pointer_chk_guard); +#endif + __pointer_chk_guard_local = pointer_chk_guard; + } +} + + /* The library search path. */ static const char *library_path attribute_relro; /* The list preloaded objects. */ @@ -1405,6 +1434,12 @@ of this helper program; chances are you did not intend to run this program.\n\ initialize the data structures now. */ tcbp = init_tls (); + /* Initialize security features. We need to do it this early + since otherwise the constructors of the audit libraries will + use different values (especially the pointer guard) and will + fail later on. */ + security_init (); + do { int tls_idx = GL(dl_tls_max_dtv_idx); @@ -1815,29 +1850,10 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", if (tcbp == NULL) tcbp = init_tls (); - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); -#ifdef THREAD_SET_STACK_GUARD - THREAD_SET_STACK_GUARD (stack_chk_guard); -#else - __stack_chk_guard = stack_chk_guard; -#endif - - /* Set up the pointer guard as well, if necessary. */ - if (GLRO(dl_pointer_guard)) - { - // XXX If it is cheap, we should use a separate value. - uintptr_t pointer_chk_guard = stack_chk_guard; -#ifndef HP_TIMING_NONAVAIL - hp_timing_t now; - HP_TIMING_NOW (now); - pointer_chk_guard ^= now; -#endif -#ifdef THREAD_SET_POINTER_GUARD - THREAD_SET_POINTER_GUARD (pointer_chk_guard); -#endif - __pointer_chk_guard_local = pointer_chk_guard; - } + if (__builtin_expect (audit_list == NULL, 1)) + /* Initialize security features. But only if we have not done it + earlier. */ + security_init (); if (__builtin_expect (mode, normal) != normal) { |