From 3e539cb47e9fabfdda295926b4270b0f3cc7fa65 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Thu, 13 Jan 2005 02:08:37 +0000 Subject: * elf/dl-load.c (_dl_map_object_from_fd): We don't have to allow callers from libc anymore. * elf/dl-open.c (dl_open_worker): Pass __RTLD_AUDIT flag from caller to _dl_map_object_deps. * elf/dl-load.c (_dl_map_object_from_fd): Don't change memory protections when loading auditing modules. * dlfcn/dlopen.c (dlopen_doit): Catch invalid mode arguments and fail. --- ChangeLog | 10 ++++++++++ dlfcn/dlopen.c | 7 ++++++- elf/dl-load.c | 4 ++-- elf/dl-open.c | 2 +- 4 files changed, 19 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index df12ad01cd..4601adf2f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,15 @@ 2005-01-12 Ulrich Drepper + * elf/dl-load.c (_dl_map_object_from_fd): We don't have to allow + callers from libc anymore. + + * elf/dl-open.c (dl_open_worker): Pass __RTLD_AUDIT flag from caller + to _dl_map_object_deps. + * elf/dl-load.c (_dl_map_object_from_fd): Don't change memory + protections when loading auditing modules. + + * dlfcn/dlopen.c (dlopen_doit): Catch invalid mode arguments and fail. + * posix/getconf.c: Update copyright year. * nss/getent.c: Likewise. * nscd/nscd_nischeck.c: Likewise. diff --git a/dlfcn/dlopen.c b/dlfcn/dlopen.c index 1e2111e71f..bffb512aa3 100644 --- a/dlfcn/dlopen.c +++ b/dlfcn/dlopen.c @@ -1,5 +1,5 @@ /* Load a shared object at run time. - Copyright (C) 1995,96,97,98,99,2000,2003,2004 Free Software Foundation, Inc. + Copyright (C) 1995-2000,2003,2004,2005 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -18,6 +18,7 @@ 02111-1307 USA. */ #include +#include #include #include #include @@ -58,6 +59,10 @@ dlopen_doit (void *a) { struct dlopen_args *args = (struct dlopen_args *) a; + if (args->mode & ~(RTLD_BINDING_MASK | RTLD_NOLOAD | RTLD_DEEPBIND + | RTLD_GLOBAL | RTLD_LOCAL | RTLD_NODELETE)) + GLRO(dl_signal_error) (0, NULL, NULL, _("invalid mode parameter")); + args->new = GLRO(dl_open) (args->file ?: "", args->mode | __RTLD_DLOPEN, args->caller, args->file == NULL ? LM_ID_BASE : NS, diff --git a/elf/dl-load.c b/elf/dl-load.c index 363f77bcdf..f74f98f91e 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1359,14 +1359,14 @@ cannot allocate TLS data structures for initial thread"); protection of the variable which contains the flags used in the mprotect calls. */ #ifdef HAVE_Z_RELRO - if (mode & __RTLD_DLOPEN) + if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN) { uintptr_t p = ((uintptr_t) &__stack_prot) & ~(GLRO(dl_pagesize) - 1); size_t s = (uintptr_t) &__stack_prot - p + sizeof (int); __mprotect ((void *) p, s, PROT_READ|PROT_WRITE); if (__builtin_expect (__check_caller (RETURN_ADDRESS (0), - allow_ldso|allow_libc) == 0, + allow_ldso) == 0, 0)) __stack_prot |= PROT_EXEC; __mprotect ((void *) p, s, PROT_READ); diff --git a/elf/dl-open.c b/elf/dl-open.c index c2cf1dbf13..4de20720ed 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -305,7 +305,7 @@ dl_open_worker (void *a) /* Load that object's dependencies. */ _dl_map_object_deps (new, NULL, 0, 0, - mode & (__RTLD_DLOPEN | RTLD_DEEPBIND)); + mode & (__RTLD_DLOPEN | RTLD_DEEPBIND | __RTLD_AUDIT)); /* So far, so good. Now check the versions. */ for (i = 0; i < new->l_searchlist.r_nlist; ++i) -- cgit v1.2.3