aboutsummaryrefslogtreecommitdiff
path: root/debug
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2019-08-19 15:41:29 +0200
committerFlorian Weimer <fweimer@redhat.com>2019-08-19 15:41:29 +0200
commita289ea09ea843ced6e5277c2f2e63c357bc7f9a3 (patch)
tree0b8a004ed5794f6f6bff89dbdc44518cb41bb373 /debug
parent1d714fd95da16f0d97c8c670a2c899f99c01eb45 (diff)
downloadglibc-a289ea09ea843ced6e5277c2f2e63c357bc7f9a3.tar
glibc-a289ea09ea843ced6e5277c2f2e63c357bc7f9a3.tar.gz
glibc-a289ea09ea843ced6e5277c2f2e63c357bc7f9a3.tar.bz2
glibc-a289ea09ea843ced6e5277c2f2e63c357bc7f9a3.zip
Do not print backtraces on fatal glibc errors
If the process is in a bad state, we used to print backtraces in many cases. This is problematic because doing so could involve a lot of work, like loading libgcc_s using the dynamic linker, and this could itself be targeted by exploit writers. For example, if the crashing process was forked from a long-lived process, the addresses in the error message could be used to bypass ASLR. Commit ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0 ("Avoid backtrace from __stack_chk_fail [BZ #12189]"), backtraces where no longer printed because backtrace_and_maps was always called with do_abort == 1. Rather than fixing this logic error, this change removes the backtrace functionality from the sources. With the prevalence of external crash handlers, it does not appear to be particularly useful. The crash handler may also destroy useful information for debugging. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Diffstat (limited to 'debug')
-rw-r--r--debug/fortify_fail.c26
-rw-r--r--debug/stack_chk_fail.c7
2 files changed, 4 insertions, 29 deletions
diff --git a/debug/fortify_fail.c b/debug/fortify_fail.c
index 16549d6dbc..272a829fd4 100644
--- a/debug/fortify_fail.c
+++ b/debug/fortify_fail.c
@@ -16,33 +16,13 @@
<http://www.gnu.org/licenses/>. */
#include <stdio.h>
-#include <stdlib.h>
-#include <stdbool.h>
-
-
-extern char **__libc_argv attribute_hidden;
-
-void
-__attribute__ ((noreturn))
-__fortify_fail_abort (_Bool need_backtrace, const char *msg)
-{
- /* The loop is added only to keep gcc happy. Don't pass down
- __libc_argv[0] if we aren't doing backtrace since __libc_argv[0]
- may point to the corrupted stack. */
- while (1)
- __libc_message (need_backtrace ? (do_abort | do_backtrace) : do_abort,
- "*** %s ***: %s terminated\n",
- msg,
- (need_backtrace && __libc_argv[0] != NULL
- ? __libc_argv[0] : "<unknown>"));
-}
void
__attribute__ ((noreturn))
__fortify_fail (const char *msg)
{
- __fortify_fail_abort (true, msg);
+ /* The loop is added only to keep gcc happy. */
+ while (1)
+ __libc_message (do_abort, "*** %s ***: terminated\n", msg);
}
-
libc_hidden_def (__fortify_fail)
-libc_hidden_def (__fortify_fail_abort)
diff --git a/debug/stack_chk_fail.c b/debug/stack_chk_fail.c
index 4485655599..d4381dfa53 100644
--- a/debug/stack_chk_fail.c
+++ b/debug/stack_chk_fail.c
@@ -16,17 +16,12 @@
<http://www.gnu.org/licenses/>. */
#include <stdio.h>
-#include <stdlib.h>
-#include <stdbool.h>
-
-
-extern char **__libc_argv attribute_hidden;
void
__attribute__ ((noreturn))
__stack_chk_fail (void)
{
- __fortify_fail_abort (false, "stack smashing detected");
+ __fortify_fail ("stack smashing detected");
}
strong_alias (__stack_chk_fail, __stack_chk_fail_local)