From patchwork Tue Oct 17 13:05:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 78015 X-Patchwork-Delegate: siddhesh@gotplt.org Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 85286385828D for ; Tue, 17 Oct 2023 13:05:49 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) by sourceware.org (Postfix) with ESMTPS id 56A483858410 for ; Tue, 17 Oct 2023 13:05:34 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 56A483858410 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 56A483858410 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::42d ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1697547936; cv=none; b=JPtKQGEqjIRd2xif0l5b4AAwTXza5BHn5Z2jJgEUvERz7S9uwOKLdFJgCgL2A8hVBHBFb+piwQJVTbR/Cgx+dFPKtSg4jUYu7xXUJE10JDH9pf0yZNEWLZeA3PennL6WGLSA7ucT7og4qKLHB+HeJsisolvCxq6smfjNoJwwq2M= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1697547936; c=relaxed/simple; bh=q17KUF3Td0MiZ/syr2BvKJFS1fXmNHlNTcVyi2Zq4S4=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=jln/9SugagwLr4Q9VDY2b9oW68t1fRew3wp1RbS/U+eScBz20HkNOekqwRFRGFSk0WGyy3J+7Fmvhv0JKp0YlHv1tIBfQtYEPen6VS1ivBmn56/y1Vz49on4ePlRLRB6scUFQgbouq+/rZYgDjYBx16TLhCup/r7Pf2Ey1k4WCw= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x42d.google.com with SMTP id d2e1a72fcca58-6b9af7d41d2so2440255b3a.0 for ; Tue, 17 Oct 2023 06:05:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1697547933; x=1698152733; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=/kttVKak1Zn7MPna2CjoiAx+sHiE2mnfomblN10drJ0=; b=KdRK3+61q1rppjCRCoDzp/aFX5nrNLUP9eZBGQkT0RXn4lJIR1sgvuFNYj/Xaiu+Lb wT43edamsuRY8XPyh9bqYGIxOog8JpZyqK+4T7Z5BtCrPLrt7+4b7M5pGiOCA6wATQvQ UCILBSCI5KQ01r9NYS1ASL7vPUV8vb4utpHpPEqdd/G2BRLHBQ6GOvsuHIPVeOi1Dhyb Qmi4hdJ2o4vUQkL7EHwaN4182je9WElc9Y4hsHauojnmI9kdxq2t4UMu07r7EpY/YL0N Nf4+PVix7gXuXaBDwXRGC9Cbx4WUMHuhZ6EbfZj37uvB1EpRiTEtTTpGQAHgzvTDtW0d cxHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697547933; x=1698152733; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/kttVKak1Zn7MPna2CjoiAx+sHiE2mnfomblN10drJ0=; b=GBUerNy6F/QX23N1DVlrOOG6HLX/4uUxiEsEJYKPMg+/dzNIYGt6m/i+CCUj8lq7v3 BlUzPP/ml51hVzePyF5oYxFM9MxqKuwgIZGBUAKCrKD9X1IRUT8mPV09HbZcMSQ3BjtM qX5wWUv8J5r/WQon6t4TPhsRQ4Xkj+J6oNAn2/UQcXkmjvRkrwyZldY7P6MzHL7jabLr EVE6RwWokGKRRAyC1IlXUUA9bfXsfZGgqHCgxquiFoA4/DZf/lsbYgk/o/yZ6ijAcqSw Do3icHOIvdM786ygPlF6aDDhSVoWAswLhH1TD/0b2wHhtN0ZCo9qGNdfH1NR1WuT4RCB 0KJg== X-Gm-Message-State: AOJu0YxETdKApKqVUZS41iUD9aOknBCo/mibP82PQfA7oRG/W9Mj9F1j 3vEnVr+l6xRF0t63UfJXaUIwWoTp7sNo2tjdk8JcYw== X-Google-Smtp-Source: AGHT+IG9aREI/Q+eOLWwnO7tL1ZwyM84aGKmVoKeerptn6BUnc9z7/Qj4J8IHa97Et+TujXeZEO/AA== X-Received: by 2002:a05:6a21:6d9e:b0:17a:e941:b136 with SMTP id wl30-20020a056a216d9e00b0017ae941b136mr2178921pzb.9.1697547932815; Tue, 17 Oct 2023 06:05:32 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c3:7f2e:11d:92b4:4d78:4197]) by smtp.gmail.com with ESMTPSA id l28-20020a635b5c000000b0056b6d1ac949sm1309788pgm.13.2023.10.17.06.05.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 Oct 2023 06:05:32 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH v2 01/19] elf: Remove /etc/suid-debug support Date: Tue, 17 Oct 2023 10:05:08 -0300 Message-Id: <20231017130526.2216827-2-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231017130526.2216827-1-adhemerval.zanella@linaro.org> References: <20231017130526.2216827-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Since malloc debug support moved to a different library (libc_malloc_debug.so), the glibc.malloc.check requires preloading the debug library to enable it. It means that suid-debug support has not been working since 2.34. To restore its support, it would require to add additional information and parsing to where to find libc_malloc_debug.so. It is one thing less that might change AT_SECURE binaries' behavior due to environment configurations. Checked on x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar --- elf/dl-tunables.c | 16 ---------------- elf/rtld.c | 3 +-- manual/memory.texi | 4 +--- manual/tunables.texi | 4 +--- 4 files changed, 3 insertions(+), 24 deletions(-) diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c index cae67efa0a..24252af22c 100644 --- a/elf/dl-tunables.c +++ b/elf/dl-tunables.c @@ -252,20 +252,6 @@ parse_tunables (char *tunestr, char *valstring) tunestr[off] = '\0'; } -/* Enable the glibc.malloc.check tunable in SETUID/SETGID programs only when - the system administrator has created the /etc/suid-debug file. This is a - special case where we want to conditionally enable/disable a tunable even - for setuid binaries. We use the special version of access() to avoid - setting ERRNO, which is a TLS variable since TLS has not yet been set - up. */ -static __always_inline void -maybe_enable_malloc_check (void) -{ - tunable_id_t id = TUNABLE_ENUM_NAME (glibc, malloc, check); - if (__libc_enable_secure && __access_noerrno ("/etc/suid-debug", F_OK) == 0) - tunable_list[id].security_level = TUNABLE_SECLEVEL_NONE; -} - /* Initialize the tunables list from the environment. For now we only use the ENV_ALIAS to find values. Later we will also use the tunable names to find values. */ @@ -277,8 +263,6 @@ __tunables_init (char **envp) size_t len = 0; char **prev_envp = envp; - maybe_enable_malloc_check (); - while ((envp = get_next_env (envp, &envname, &len, &envval, &prev_envp)) != NULL) { diff --git a/elf/rtld.c b/elf/rtld.c index 5107d16fe3..51b6d9f326 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2670,8 +2670,7 @@ process_envvars (struct dl_main_state *state) } while (*nextp != '\0'); - if (__access ("/etc/suid-debug", F_OK) != 0) - GLRO(dl_debug_mask) = 0; + GLRO(dl_debug_mask) = 0; if (state->mode != rtld_mode_normal) _exit (5); diff --git a/manual/memory.texi b/manual/memory.texi index 5781a64f35..258fdbd3a0 100644 --- a/manual/memory.texi +++ b/manual/memory.texi @@ -1379,9 +1379,7 @@ There is one problem with @code{MALLOC_CHECK_}: in SUID or SGID binaries it could possibly be exploited since diverging from the normal programs behavior it now writes something to the standard error descriptor. Therefore the use of @code{MALLOC_CHECK_} is disabled by default for -SUID and SGID binaries. It can be enabled again by the system -administrator by adding a file @file{/etc/suid-debug} (the content is -not important it could be empty). +SUID and SGID binaries. So, what's the difference between using @code{MALLOC_CHECK_} and linking with @samp{-lmcheck}? @code{MALLOC_CHECK_} is orthogonal with respect to diff --git a/manual/tunables.texi b/manual/tunables.texi index 776fd93fd9..347b5698b5 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -136,9 +136,7 @@ termination of the process. Like @env{MALLOC_CHECK_}, @code{glibc.malloc.check} has a problem in that it diverges from normal program behavior by writing to @code{stderr}, which could by exploited in SUID and SGID binaries. Therefore, @code{glibc.malloc.check} -is disabled by default for SUID and SGID binaries. This can be enabled again -by the system administrator by adding a file @file{/etc/suid-debug}; the -content of the file could be anything or even empty. +is disabled by default for SUID and SGID binaries. @end deftp @deftp Tunable glibc.malloc.top_pad