From 8e1472d2c1e25e6eabc2059170731365f6d5b3d1 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 18 Dec 2017 20:04:13 +0100
Subject: ld.so: Examine GLRO to detect inactive loader [BZ #20204]

GLRO (_rtld_global_ro) is read-only after initialization and can
therefore not be patched at run time, unlike the hook table addresses
and their contents, so this is a desirable hardening feature.

The hooks are only needed if ld.so has not been initialized, and this
happens only after static dlopen (dlmopen uses a single ld.so object
across all namespaces).

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
---
 dlfcn/dlmopen.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'dlfcn/dlmopen.c')

diff --git a/dlfcn/dlmopen.c b/dlfcn/dlmopen.c
index 07d59ade30..58f88bb7c6 100644
--- a/dlfcn/dlmopen.c
+++ b/dlfcn/dlmopen.c
@@ -79,7 +79,7 @@ void *
 __dlmopen (Lmid_t nsid, const char *file, int mode DL_CALLER_DECL)
 {
 # ifdef SHARED
-  if (__glibc_unlikely (_dlfcn_hook != NULL))
+  if (!rtld_active ())
     return _dlfcn_hook->dlmopen (nsid, file, mode, RETURN_ADDRESS (0));
 # endif
 
-- 
cgit v1.2.3