elf/rtld: Count skipped environment variables for enable_secure
Checks
| Context |
Check |
Description |
| redhat-pt-bot/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
| redhat-pt-bot/TryBot-32bit |
success
|
Build for i686
|
| linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 |
success
|
Testing passed
|
| linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 |
success
|
Testing passed
|
| linaro-tcwg-bot/tcwg_glibc_build--master-arm |
success
|
Testing passed
|
| linaro-tcwg-bot/tcwg_glibc_check--master-arm |
success
|
Testing passed
|
Commit Message
When using the glibc.rtld.enable_secure tunable we need to keep track of
the count of environment variables we skip due to __libc_enable_secure
being set and adjust the auxv section of the stack. This fixes an
assertion when running ld.so directly with glibc.rtld.enable_secure set.
elf/rtld.c:1324 assert (auxv == sp + 1);
---
elf/rtld.c | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
Comments
On 3/7/24 09:44, Joe Simmons-Talbott wrote:
> When using the glibc.rtld.enable_secure tunable we need to keep track of
> the count of environment variables we skip due to __libc_enable_secure
> being set and adjust the auxv section of the stack. This fixes an
> assertion when running ld.so directly with glibc.rtld.enable_secure set.
>
> elf/rtld.c:1324 assert (auxv == sp + 1);
> ---
> elf/rtld.c | 26 ++++++++++++++++++--------
> 1 file changed, 18 insertions(+), 8 deletions(-)
>
> diff --git a/elf/rtld.c b/elf/rtld.c
> index ac4bb23652..089863a8fa 100644
> --- a/elf/rtld.c
> +++ b/elf/rtld.c
> @@ -155,7 +155,7 @@ static void dl_main_state_init (struct dl_main_state *state);
> Since all of them start with `LD_' we are a bit smarter while finding
> all the entries. */
> extern char **_environ attribute_hidden;
> -static void process_envvars (struct dl_main_state *state);
> +static int process_envvars (struct dl_main_state *state);
>
> int _dl_argc attribute_relro attribute_hidden;
> char **_dl_argv attribute_relro = NULL;
> @@ -1287,7 +1287,7 @@ rtld_setup_main_map (struct link_map *main_map)
> _dl_argv and _dl_argc accordingly. Those arguments are removed from
> argv here. */
> static void
> -_dl_start_args_adjust (int skip_args)
> +_dl_start_args_adjust (int skip_args, int skip_env)
> {
> void **sp = (void **) (_dl_argv - skip_args - 1);
> void **p = sp + skip_args;
> @@ -1319,7 +1319,7 @@ _dl_start_args_adjust (int skip_args)
> while (*p != NULL);
>
> #ifdef HAVE_AUX_VECTOR
> - void **auxv = (void **) GLRO(dl_auxv) - skip_args;
> + void **auxv = (void **) GLRO(dl_auxv) - skip_args - skip_env;
> GLRO(dl_auxv) = (ElfW(auxv_t) *) auxv; /* Aliasing violation. */
> assert (auxv == sp + 1);
>
> @@ -1350,6 +1350,7 @@ dl_main (const ElfW(Phdr) *phdr,
> unsigned int i;
> bool rtld_is_main = false;
> void *tcbp = NULL;
> + int skip_env = 0;
>
> struct dl_main_state state;
> dl_main_state_init (&state);
> @@ -1363,7 +1364,7 @@ dl_main (const ElfW(Phdr) *phdr,
> #endif
>
> /* Process the environment variable which control the behaviour. */
> - process_envvars (&state);
> + skip_env = process_envvars (&state);
>
> #ifndef HAVE_INLINED_SYSCALLS
> /* Set up a flag which tells we are just starting. */
> @@ -1628,7 +1629,7 @@ dl_main (const ElfW(Phdr) *phdr,
> _dl_argv[0] = argv0;
>
> /* Adjust arguments for the application entry point. */
> - _dl_start_args_adjust (_dl_argv - orig_argv);
> + _dl_start_args_adjust (_dl_argv - orig_argv, skip_env);
> }
> else
> {
> @@ -2532,11 +2533,12 @@ a filename can be specified using the LD_DEBUG_OUTPUT environment variable.\n");
> }
> }
> �
> -static void
> +static int
> process_envvars_secure (struct dl_main_state *state)
> {
> char **runp = _environ;
> char *envline;
> + int skip_env = 0;
>
> while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
> {
> @@ -2578,6 +2580,9 @@ process_envvars_secure (struct dl_main_state *state)
> const char *nextp = UNSECURE_ENVVARS;
> do
> {
> + if (getenv (nextp) != NULL)
> + skip_env++;
Please add a detailed comment here about why the skip count is adjusted
based on the validity of the *next* pointer being non-NULL.
> +
> unsetenv (nextp);
> nextp = strchr (nextp, '\0') + 1;
> }
> @@ -2590,6 +2595,8 @@ process_envvars_secure (struct dl_main_state *state)
> || state->mode != rtld_mode_normal
> || state->version_info)
> _exit (5);
> +
> + return skip_env;
> }
>
> static void
> @@ -2743,13 +2750,16 @@ process_envvars_default (struct dl_main_state *state)
> }
> }
>
> -static void
> +static int
> process_envvars (struct dl_main_state *state)
> {
> + int skip_env = 0;
> if (__glibc_unlikely (__libc_enable_secure))
> - process_envvars_secure (state);
> + skip_env += process_envvars_secure (state);
> else
> process_envvars_default (state);
> +
> + return skip_env;
> }
>
> #if HP_TIMING_INLINE
On Thu, Mar 7, 2024 at 3:41 PM Carlos O'Donell <carlos@redhat.com> wrote:
>
> On 3/7/24 09:44, Joe Simmons-Talbott wrote:
> > When using the glibc.rtld.enable_secure tunable we need to keep track of
> > the count of environment variables we skip due to __libc_enable_secure
> > being set and adjust the auxv section of the stack. This fixes an
> > assertion when running ld.so directly with glibc.rtld.enable_secure set.
> >
> > elf/rtld.c:1324 assert (auxv == sp + 1);
> > ---
> > elf/rtld.c | 26 ++++++++++++++++++--------
> > 1 file changed, 18 insertions(+), 8 deletions(-)
> >
> > diff --git a/elf/rtld.c b/elf/rtld.c
> > index ac4bb23652..089863a8fa 100644
> > --- a/elf/rtld.c
> > +++ b/elf/rtld.c
> > @@ -155,7 +155,7 @@ static void dl_main_state_init (struct dl_main_state *state);
> > Since all of them start with `LD_' we are a bit smarter while finding
> > all the entries. */
> > extern char **_environ attribute_hidden;
> > -static void process_envvars (struct dl_main_state *state);
> > +static int process_envvars (struct dl_main_state *state);
> >
> > int _dl_argc attribute_relro attribute_hidden;
> > char **_dl_argv attribute_relro = NULL;
> > @@ -1287,7 +1287,7 @@ rtld_setup_main_map (struct link_map *main_map)
> > _dl_argv and _dl_argc accordingly. Those arguments are removed from
> > argv here. */
> > static void
> > -_dl_start_args_adjust (int skip_args)
> > +_dl_start_args_adjust (int skip_args, int skip_env)
> > {
> > void **sp = (void **) (_dl_argv - skip_args - 1);
> > void **p = sp + skip_args;
> > @@ -1319,7 +1319,7 @@ _dl_start_args_adjust (int skip_args)
> > while (*p != NULL);
> >
> > #ifdef HAVE_AUX_VECTOR
> > - void **auxv = (void **) GLRO(dl_auxv) - skip_args;
> > + void **auxv = (void **) GLRO(dl_auxv) - skip_args - skip_env;
> > GLRO(dl_auxv) = (ElfW(auxv_t) *) auxv; /* Aliasing violation. */
> > assert (auxv == sp + 1);
> >
> > @@ -1350,6 +1350,7 @@ dl_main (const ElfW(Phdr) *phdr,
> > unsigned int i;
> > bool rtld_is_main = false;
> > void *tcbp = NULL;
> > + int skip_env = 0;
> >
> > struct dl_main_state state;
> > dl_main_state_init (&state);
> > @@ -1363,7 +1364,7 @@ dl_main (const ElfW(Phdr) *phdr,
> > #endif
> >
> > /* Process the environment variable which control the behaviour. */
> > - process_envvars (&state);
> > + skip_env = process_envvars (&state);
> >
> > #ifndef HAVE_INLINED_SYSCALLS
> > /* Set up a flag which tells we are just starting. */
> > @@ -1628,7 +1629,7 @@ dl_main (const ElfW(Phdr) *phdr,
> > _dl_argv[0] = argv0;
> >
> > /* Adjust arguments for the application entry point. */
> > - _dl_start_args_adjust (_dl_argv - orig_argv);
> > + _dl_start_args_adjust (_dl_argv - orig_argv, skip_env);
> > }
> > else
> > {
> > @@ -2532,11 +2533,12 @@ a filename can be specified using the LD_DEBUG_OUTPUT environment variable.\n");
> > }
> > }
> >
> > -static void
> > +static int
> > process_envvars_secure (struct dl_main_state *state)
> > {
> > char **runp = _environ;
> > char *envline;
> > + int skip_env = 0;
> >
> > while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
> > {
> > @@ -2578,6 +2580,9 @@ process_envvars_secure (struct dl_main_state *state)
> > const char *nextp = UNSECURE_ENVVARS;
> > do
> > {
> > + if (getenv (nextp) != NULL)
> > + skip_env++;
>
>
> Please add a detailed comment here about why the skip count is adjusted
> based on the validity of the *next* pointer being non-NULL.
>
I added a comment and posted a v2.
Thanks,
Joe
> > +
> > unsetenv (nextp);
> > nextp = strchr (nextp, '\0') + 1;
> > }
> > @@ -2590,6 +2595,8 @@ process_envvars_secure (struct dl_main_state *state)
> > || state->mode != rtld_mode_normal
> > || state->version_info)
> > _exit (5);
> > +
> > + return skip_env;
> > }
> >
> > static void
> > @@ -2743,13 +2750,16 @@ process_envvars_default (struct dl_main_state *state)
> > }
> > }
> >
> > -static void
> > +static int
> > process_envvars (struct dl_main_state *state)
> > {
> > + int skip_env = 0;
> > if (__glibc_unlikely (__libc_enable_secure))
> > - process_envvars_secure (state);
> > + skip_env += process_envvars_secure (state);
> > else
> > process_envvars_default (state);
> > +
> > + return skip_env;
> > }
> >
> > #if HP_TIMING_INLINE
>
> --
> Cheers,
> Carlos.
>
@@ -155,7 +155,7 @@ static void dl_main_state_init (struct dl_main_state *state);
Since all of them start with `LD_' we are a bit smarter while finding
all the entries. */
extern char **_environ attribute_hidden;
-static void process_envvars (struct dl_main_state *state);
+static int process_envvars (struct dl_main_state *state);
int _dl_argc attribute_relro attribute_hidden;
char **_dl_argv attribute_relro = NULL;
@@ -1287,7 +1287,7 @@ rtld_setup_main_map (struct link_map *main_map)
_dl_argv and _dl_argc accordingly. Those arguments are removed from
argv here. */
static void
-_dl_start_args_adjust (int skip_args)
+_dl_start_args_adjust (int skip_args, int skip_env)
{
void **sp = (void **) (_dl_argv - skip_args - 1);
void **p = sp + skip_args;
@@ -1319,7 +1319,7 @@ _dl_start_args_adjust (int skip_args)
while (*p != NULL);
#ifdef HAVE_AUX_VECTOR
- void **auxv = (void **) GLRO(dl_auxv) - skip_args;
+ void **auxv = (void **) GLRO(dl_auxv) - skip_args - skip_env;
GLRO(dl_auxv) = (ElfW(auxv_t) *) auxv; /* Aliasing violation. */
assert (auxv == sp + 1);
@@ -1350,6 +1350,7 @@ dl_main (const ElfW(Phdr) *phdr,
unsigned int i;
bool rtld_is_main = false;
void *tcbp = NULL;
+ int skip_env = 0;
struct dl_main_state state;
dl_main_state_init (&state);
@@ -1363,7 +1364,7 @@ dl_main (const ElfW(Phdr) *phdr,
#endif
/* Process the environment variable which control the behaviour. */
- process_envvars (&state);
+ skip_env = process_envvars (&state);
#ifndef HAVE_INLINED_SYSCALLS
/* Set up a flag which tells we are just starting. */
@@ -1628,7 +1629,7 @@ dl_main (const ElfW(Phdr) *phdr,
_dl_argv[0] = argv0;
/* Adjust arguments for the application entry point. */
- _dl_start_args_adjust (_dl_argv - orig_argv);
+ _dl_start_args_adjust (_dl_argv - orig_argv, skip_env);
}
else
{
@@ -2532,11 +2533,12 @@ a filename can be specified using the LD_DEBUG_OUTPUT environment variable.\n");
}
}
�
-static void
+static int
process_envvars_secure (struct dl_main_state *state)
{
char **runp = _environ;
char *envline;
+ int skip_env = 0;
while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
{
@@ -2578,6 +2580,9 @@ process_envvars_secure (struct dl_main_state *state)
const char *nextp = UNSECURE_ENVVARS;
do
{
+ if (getenv (nextp) != NULL)
+ skip_env++;
+
unsetenv (nextp);
nextp = strchr (nextp, '\0') + 1;
}
@@ -2590,6 +2595,8 @@ process_envvars_secure (struct dl_main_state *state)
|| state->mode != rtld_mode_normal
|| state->version_info)
_exit (5);
+
+ return skip_env;
}
static void
@@ -2743,13 +2750,16 @@ process_envvars_default (struct dl_main_state *state)
}
}
-static void
+static int
process_envvars (struct dl_main_state *state)
{
+ int skip_env = 0;
if (__glibc_unlikely (__libc_enable_secure))
- process_envvars_secure (state);
+ skip_env += process_envvars_secure (state);
else
process_envvars_default (state);
+
+ return skip_env;
}
#if HP_TIMING_INLINE