diff options
author | Philip Guenther <guenther@cvs.openbsd.org> | 2014-11-03 17:50:57 +0000 |
---|---|---|
committer | Philip Guenther <guenther@cvs.openbsd.org> | 2014-11-03 17:50:57 +0000 |
commit | eb95f8b1eb1cdff1b338255a639794a0c9034179 (patch) | |
tree | 98ca65675934ffa02e215448ad8f63a8521029cf | |
parent | 425a87494731ed74050fbd5af2a680639ff49b76 (diff) |
Eliminate RTLD_PROTECT_PLT: ld.so is built with -Bsymbolic so the
PLT is empty/unused. On at least macppc and sparc64, ld.so's attempt
to mprotect its PLT could instead hit its own allocated data and
cause a segfault shortly there after.
While here, take a shot at preventing the same issue with the GOT
by checking for __got_start != __got_end.
reproduction *with ktracing* by afresh1@ provided the key data
ok miod@ deraadt@
-rw-r--r-- | libexec/ld.so/alpha/archdep.h | 4 | ||||
-rw-r--r-- | libexec/ld.so/loader.c | 25 | ||||
-rw-r--r-- | libexec/ld.so/powerpc/archdep.h | 4 | ||||
-rw-r--r-- | libexec/ld.so/sparc/archdep.h | 4 | ||||
-rw-r--r-- | libexec/ld.so/sparc64/archdep.h | 4 |
5 files changed, 12 insertions, 29 deletions
diff --git a/libexec/ld.so/alpha/archdep.h b/libexec/ld.so/alpha/archdep.h index 37f70625bf8..44e7f595bf7 100644 --- a/libexec/ld.so/alpha/archdep.h +++ b/libexec/ld.so/alpha/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.14 2014/04/16 10:52:58 guenther Exp $ */ +/* $OpenBSD: archdep.h,v 1.15 2014/11/03 17:50:56 guenther Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -41,8 +41,6 @@ #include "syscall.h" #include "util.h" -#define RTLD_PROTECT_PLT - static inline void RELOC_REL(Elf64_Rel *r, const Elf64_Sym *s, Elf64_Addr *p, unsigned long v) { diff --git a/libexec/ld.so/loader.c b/libexec/ld.so/loader.c index c5449df8901..8cc91d2f842 100644 --- a/libexec/ld.so/loader.c +++ b/libexec/ld.so/loader.c @@ -1,4 +1,4 @@ -/* $OpenBSD: loader.c,v 1.150 2014/07/10 09:03:01 otto Exp $ */ +/* $OpenBSD: loader.c,v 1.151 2014/11/03 17:50:56 guenther Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -399,23 +399,14 @@ _dl_boot(const char **argv, char **envp, const long dyn_loff, long *dl_data) { extern char *__got_start; extern char *__got_end; -#ifdef RTLD_PROTECT_PLT - extern char *__plt_start; - extern char *__plt_end; -#endif - _dl_mprotect((void *)ELF_TRUNC((long)&__got_start, _dl_pagesz), - ELF_ROUND((long)&__got_end,_dl_pagesz) - - ELF_TRUNC((long)&__got_start, _dl_pagesz), - GOT_PERMS); - -#ifdef RTLD_PROTECT_PLT - /* only for DATA_PLT or BSS_PLT */ - _dl_mprotect((void *)ELF_TRUNC((long)&__plt_start, _dl_pagesz), - ELF_ROUND((long)&__plt_end,_dl_pagesz) - - ELF_TRUNC((long)&__plt_start, _dl_pagesz), - PROT_READ|PROT_EXEC); -#endif + if (&__got_start != &__got_end) { + _dl_mprotect((void *)ELF_TRUNC((long)&__got_start, + _dl_pagesz), + ELF_ROUND((long)&__got_end,_dl_pagesz) - + ELF_TRUNC((long)&__got_start, _dl_pagesz), + GOT_PERMS); + } } #endif diff --git a/libexec/ld.so/powerpc/archdep.h b/libexec/ld.so/powerpc/archdep.h index 7bb80dc26c5..8e9733a5af0 100644 --- a/libexec/ld.so/powerpc/archdep.h +++ b/libexec/ld.so/powerpc/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.15 2014/07/05 12:22:41 miod Exp $ */ +/* $OpenBSD: archdep.h,v 1.16 2014/11/03 17:50:56 guenther Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -41,8 +41,6 @@ #include "syscall.h" #include "util.h" -#define RTLD_PROTECT_PLT - /* * The following functions are declared inline so they can * be used before bootstrap linking has been finished. diff --git a/libexec/ld.so/sparc/archdep.h b/libexec/ld.so/sparc/archdep.h index 509b17c922f..cf3c03743a6 100644 --- a/libexec/ld.so/sparc/archdep.h +++ b/libexec/ld.so/sparc/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.9 2010/01/02 12:16:35 kettenis Exp $ */ +/* $OpenBSD: archdep.h,v 1.10 2014/11/03 17:50:56 guenther Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -43,8 +43,6 @@ #include "syscall.h" #include "util.h" -#define RTLD_PROTECT_PLT - static inline void * _dl_mmap(void *addr, unsigned int len, unsigned int prot, unsigned int flags, int fd, off_t offset) diff --git a/libexec/ld.so/sparc64/archdep.h b/libexec/ld.so/sparc64/archdep.h index 61e32e7e820..27b4036ac18 100644 --- a/libexec/ld.so/sparc64/archdep.h +++ b/libexec/ld.so/sparc64/archdep.h @@ -1,4 +1,4 @@ -/* $OpenBSD: archdep.h,v 1.18 2010/01/02 12:16:35 kettenis Exp $ */ +/* $OpenBSD: archdep.h,v 1.19 2014/11/03 17:50:56 guenther Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -43,8 +43,6 @@ #include "syscall.h" #include "util.h" -#define RTLD_PROTECT_PLT - static inline void * _dl_mmap(void *addr, unsigned int len, unsigned int prot, unsigned int flags, int fd, off_t offset) |