From 8e1472d2c1e25e6eabc2059170731365f6d5b3d1 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 18 Dec 2017 20:04:13 +0100
Subject: ld.so: Examine GLRO to detect inactive loader [BZ #20204]

GLRO (_rtld_global_ro) is read-only after initialization and can
therefore not be patched at run time, unlike the hook table addresses
and their contents, so this is a desirable hardening feature.

The hooks are only needed if ld.so has not been initialized, and this
happens only after static dlopen (dlmopen uses a single ld.so object
across all namespaces).

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
---
 ChangeLog | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index c5ee8fc91a..a46375fd56 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,25 @@
+2017-12-18  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #20204]
+	ld.so: Harden dl-libc/libdl hooks.
+	* sysdeps/generic/ldsodefs.h (_dl_init_all_dirs): Update comment.
+	(rtld_active): New function.
+	* dlfcn/dladdr.c (__dladdr): Call it.
+	* dlfcn/dladdr1.c (__dladdr1): Likewise.
+	* dlfcn/dlclose.c (__dlcose): Likewise.
+	* dlfcn/dlerror.c (__dlerror): Likewise.
+	* dlfcn/dlinfo.c (__dlinfo): Likewise.
+	* dlfcn/dlmopen.c (__dlmopen): Likewise.
+	* dlfcn/dlopen.c (__dlopen): Likewise.
+	* dlfcn/dlopenold.c (__dlopen_nocheck): Likewise.
+	* dlfcn/dlsym.c (__dlsym): Likewise.
+	* dlfcn/dlvsym.c (__dlvsym): Likewise.
+	* libio/vtables.c (_IO_vtable_check): Likewise.
+	* elf/dl-libc.c (__libc_dlopen_mode, __libc_dlsym)
+	(__libc_dlclose): Likewise.
+	* elf/rtld.c (dl_main): Update comment on the _dl_init_all_dirs
+	assignment.
+
 2017-12-18  Joseph Myers  <joseph@codesourcery.com>
 
 	[BZ #22446]
-- 
cgit 1.4.1