From 4c48ef06b4037694d9a548a088f64b6e2f2bb7cf Mon Sep 17 00:00:00 2001
From: Ulrich Drepper
Date: Wed, 31 Oct 2007 15:28:30 +0000
Subject: * elf/rtld.c (dl_main): Initialize stack and pointer guard early when using auditing libraries.
---
 ChangeLog | 5 +++++
 elf/rtld.c | 62 +++++++++++++++++++++++++++++++++++++++-----------------------
 2 files changed, 44 insertions(+), 23 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e8afd16cdb..38f9a33a1a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2007-10-31 Ulrich Drepper
+
+ * elf/rtld.c (dl_main): Initialize stack and pointer guard early
+ when using auditing libraries.
+
 2007-10-29 Ulrich Drepper
 * resolv/Versions [libresolv] (GLIBC_PRIVATE): Add
diff --git a/elf/rtld.c b/elf/rtld.c
index 7612a69324..6df81fb2c1 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -833,6 +833,35 @@ rtld_lock_default_unlock_recursive (void *lock)
 #endif
+static void
+security_init (void)
+{
+ /* Set up the stack checker's canary. */
+ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+#ifdef THREAD_SET_STACK_GUARD
+ THREAD_SET_STACK_GUARD (stack_chk_guard);
+#else
+ __stack_chk_guard = stack_chk_guard;
+#endif
+
+ /* Set up the pointer guard as well, if necessary. */
+ if (GLRO(dl_pointer_guard))
+ {
+ // XXX If it is cheap, we should use a separate value.
+ uintptr_t pointer_chk_guard = stack_chk_guard;
+#ifndef HP_TIMING_NONAVAIL
+ hp_timing_t now;
+ HP_TIMING_NOW (now);
+ pointer_chk_guard ^= now;
+#endif
+#ifdef THREAD_SET_POINTER_GUARD
+ THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+#endif
+ __pointer_chk_guard_local = pointer_chk_guard;
+ }
+}
+
+
 /* The library search path. */
 static const char *library_path attribute_relro;
 /* The list preloaded objects. */
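Review bot: In `security_init`, the pointer guard is seeded from `stack_chk_guard` and differs from it only by the XOR with `now`, and when `HP_TIMING_NONAVAIL` is defined the two values are identical, so a disclosure of the stack canary also gives away (or closely bounds) the pointer guard. The `// XXX` line hints at this without saying what the exposure is; I would replace it with `/* XXX The pointer guard is derived from the stack guard (equal to it without HP_TIMING), so leaking one weakens the other; use an independent random value once that is cheap.  */`. The function also has no header comment; one sentence stating that it sets both guards and must run exactly once, before any code that depends on them, would record the invariant the rest of this commit relies on.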
@@ -1405,6 +1434,12 @@ of this helper program; chances are you did not intend to run this program.\n\
 initialize the data structures now. */
 tcbp = init_tls ();
+ /* Initialize security features. We need to do it this early
+ since otherwise the constructors of the audit libraries will
+ use different values (especially the pointer guard) and will
+ fail later on. */
+ security_init ();
+
 do
 {
 int tls_idx = GL(dl_tls_max_dtv_idx);
@@ -1815,29 +1850,10 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
 if (tcbp == NULL)
 tcbp = init_tls ();
- /* Set up the stack checker's canary. */
- uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
-#ifdef THREAD_SET_STACK_GUARD
- THREAD_SET_STACK_GUARD (stack_chk_guard);
-#else
- __stack_chk_guard = stack_chk_guard;
-#endif
-
- /* Set up the pointer guard as well, if necessary. */
- if (GLRO(dl_pointer_guard))
- {
- // XXX If it is cheap, we should use a separate value.
- uintptr_t pointer_chk_guard = stack_chk_guard;
-#ifndef HP_TIMING_NONAVAIL
- hp_timing_t now;
- HP_TIMING_NOW (now);
- pointer_chk_guard ^= now;
-#endif
-#ifdef THREAD_SET_POINTER_GUARD
- THREAD_SET_POINTER_GUARD (pointer_chk_guard);
-#endif
- __pointer_chk_guard_local = pointer_chk_guard;
- }
+ if (__builtin_expect (audit_list == NULL, 1))
+ /* Initialize security features. But only if we have not done it
+ earlier. */
+ security_init ();
 if (__builtin_expect (mode, normal) != normal)
 {
--
cgit 1.4.1
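Review bot: The new comment in the hunk at -1405 explains why `security_init ()` has to run before the audit constructors, but not why it has to come after `tcbp = init_tls ();`. Where `THREAD_SET_STACK_GUARD` and `THREAD_SET_POINTER_GUARD` are defined the guards are presumably stored in the thread control block, so a later move of the call above `init_tls ()` would write them before that block exists. I would add a sentence such as `Must follow init_tls, since the guards may live in the TCB.` to the comment. The enclosing block of dl_main starts and ends outside the hunk.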
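Review bot: In the hunk at -1815, `audit_list == NULL` stands in for "security_init has not run yet", which holds only if the early call is reached on every path where `audit_list` is non-NULL and `audit_list` is not modified between the two sites; neither is visible here. If that ever drifts, the guards are either set twice, which changes them under code that has already used them (the failure this commit fixes), or never set at all. An explicit latch would make the run-once rule local, for example `static bool security_done;` with `if (security_done) return; security_done = true;` at the top of `security_init`, or at minimum the comment should name the other call site. dl_main continues outside the hunk.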