From patchwork Thu Mar  7 14:44:18 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Joe Simmons-Talbott <josimmon@redhat.com>
X-Patchwork-Id: 86937
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id E29FB3857C5E
	for <patchwork@sourceware.org>; Thu,  7 Mar 2024 14:44:53 +0000 (GMT)
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by sourceware.org (Postfix) with ESMTPS id 4E246385803B
 for <libc-alpha@sourceware.org>; Thu,  7 Mar 2024 14:44:31 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 4E246385803B
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 4E246385803B
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=170.10.129.124
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1709822674; cv=none;
 b=T7lYgSFI88H5kDFTuCkBBHHT4CP1Nsj/dQ1KMf/Nw0RFIG2bguOxNQAsvjFmZdt3JobIONCI5Aw6/dReckG+WDcFCudAHKu/sdt1EVQV7ao8iPyTmndEVlk/FClOcjL8z1EVsKk2/leqCb6zKD32yh1VXF7jvXxxMt2NcbUtshE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1709822674; c=relaxed/simple;
 bh=b0TfBB08TS24R3lUsluEKkg/udrjpLyPo+r6hPK6OAo=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=v5LcdJ8Sv9uU3WmUCkp2vgDG0aP0vKNiKPHYAjOS1KXC/WjilTUcPqagvnVYOLOJRE/RTTNdhBOouHRniVa26dk4OSQF78xkryJBP390K9YJRhhKZB8R50qacP+rJncrG9jDANOx5UFCBIwsdKmH0TAS7glJarVkaFuXPrYo3KU=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1709822671;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=4fDnfRz7a/MM6sPlRz9cUkXa1a9/xeQPXDK+M4rUMPk=;
 b=XuazA8SHdGgq9PCISv+TVh3gZZVjqvlD5sw52LIismv77ZEDFNW1gLluL7Qu6fPUbttohD
 tqAq0bDEkHwuEAGXk+71lFfTmfWTCWLniKQPn0Rxxik8i70xYJjdc+1ZpvsMO2InvgAwQn
 xpfL3zGZp8WnuJeczSMOVvz1Fd3rwOo=
Received: from mail-qt1-f198.google.com (mail-qt1-f198.google.com
 [209.85.160.198]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-269-pNguhFG6OaitcCPcR990yA-1; Thu, 07 Mar 2024 09:44:29 -0500
X-MC-Unique: pNguhFG6OaitcCPcR990yA-1
Received: by mail-qt1-f198.google.com with SMTP id
 d75a77b69052e-42ea54868d2so8629371cf.3
 for <libc-alpha@sourceware.org>; Thu, 07 Mar 2024 06:44:29 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1709822669; x=1710427469;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=vTzwQySVVxH3sSWPG0ZQ16KlYGHN45NB+Jmod4OCGGw=;
 b=qwxMkI+AAVe66wyJmXJN4H0SiyYrjms89osfZ+hDO6bkaJCERT+Y8UJ6n46ZrJ2ufS
 Hz55pSck3JKHbubx8DoJJnJ1dUiePJJ/fQ26Vifr8HzDCdEvAMMK6EBBP873fa0qDQxS
 QfLZfQHDv6hnVz6Z1HeWnouoqa1LdmTZdoysr8Joo/mvJTCXCisRn5tSrkP6457lJBs4
 lFTDIAIQ1SDP/zfFifwkxIPoh5vQAPG0JU6yQkU/1vf9g/9vnsKrG7/CzuDw+GzaPO/n
 BzRR/nxBs1cKmubaK6pn8X0bwTkwUtHwtEwRF7qv2LjnG0IIBJIRAKpXK3USmWYtB6/w
 wAsQ==
X-Gm-Message-State: AOJu0YxZIm9rrJ9LWpMVlXwjEYjxin65xQdaWPL2N5A8YThO3DQZki/g
 C2JEyl+wi7+1WULKwpsPzhdB3rweDuwlmpApwdObZD79/MyeqigLKPJGp4jUW37NNt3T723/z62
 3xQFOV14mCw0znoPA4PyQ0WVOOGfvMaX67BIDlhkekzlf6cD3xZUs3hkuBvwxs4sDqebxewl2fs
 y3HfQTJDWUI5zmz4t5iGWBjcM8KOaAlezsIv4daIqI0g==
X-Received: by 2002:a05:622a:181e:b0:42e:b310:1f71 with SMTP id
 t30-20020a05622a181e00b0042eb3101f71mr8938422qtc.49.1709822668986;
 Thu, 07 Mar 2024 06:44:28 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IF3fAXPrHuYC6o/GlpmPrAGVucyQ2jiksWf4FdTIlxR2jiLKRrAOGR1z7HvqbjSG/5hIsDlmw==
X-Received: by 2002:a05:622a:181e:b0:42e:b310:1f71 with SMTP id
 t30-20020a05622a181e00b0042eb3101f71mr8938402qtc.49.1709822668590;
 Thu, 07 Mar 2024 06:44:28 -0800 (PST)
Received: from oak.. (c-71-206-142-238.hsd1.va.comcast.net. [71.206.142.238])
 by smtp.gmail.com with ESMTPSA id
 i20-20020ac871d4000000b0042f09f01fc5sm2123098qtp.59.2024.03.07.06.44.27
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 07 Mar 2024 06:44:28 -0800 (PST)
From: Joe Simmons-Talbott <josimmon@redhat.com>
To: libc-alpha@sourceware.org
Cc: Joe Simmons-Talbott <josimmon@redhat.com>
Subject: [PATCH] elf/rtld: Count skipped environment variables for
 enable_secure
Date: Thu,  7 Mar 2024 09:44:18 -0500
Message-ID: <20240307144425.2075652-1-josimmon@redhat.com>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
X-Spam-Status: No, score=-10.9 required=5.0 tests=BAYES_00, DKIM_INVALID,
 DKIM_SIGNED, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS,
 RCVD_IN_DNSWL_NONE,
 RCVD_IN_SORBS_WEB, SPF_HELO_NONE, SPF_NONE, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org

When using the glibc.rtld.enable_secure tunable we need to keep track of
the count of environment variables we skip due to __libc_enable_secure
being set and adjust the auxv section of the stack.  This fixes an
assertion when running ld.so directly with glibc.rtld.enable_secure set.

elf/rtld.c:1324   assert (auxv == sp + 1);
---
 elf/rtld.c | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/elf/rtld.c b/elf/rtld.c
index ac4bb23652..089863a8fa 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -155,7 +155,7 @@ static void dl_main_state_init (struct dl_main_state *state);
    Since all of them start with `LD_' we are a bit smarter while finding
    all the entries.  */
 extern char **_environ attribute_hidden;
-static void process_envvars (struct dl_main_state *state);
+static int process_envvars (struct dl_main_state *state);
 
 int _dl_argc attribute_relro attribute_hidden;
 char **_dl_argv attribute_relro = NULL;
@@ -1287,7 +1287,7 @@ rtld_setup_main_map (struct link_map *main_map)
    _dl_argv and _dl_argc accordingly.  Those arguments are removed from
    argv here.  */
 static void
-_dl_start_args_adjust (int skip_args)
+_dl_start_args_adjust (int skip_args, int skip_env)
 {
   void **sp = (void **) (_dl_argv - skip_args - 1);
   void **p = sp + skip_args;
@@ -1319,7 +1319,7 @@ _dl_start_args_adjust (int skip_args)
   while (*p != NULL);
 
 #ifdef HAVE_AUX_VECTOR
-  void **auxv = (void **) GLRO(dl_auxv) - skip_args;
+  void **auxv = (void **) GLRO(dl_auxv) - skip_args - skip_env;
   GLRO(dl_auxv) = (ElfW(auxv_t) *) auxv; /* Aliasing violation.  */
   assert (auxv == sp + 1);
 
@@ -1350,6 +1350,7 @@ dl_main (const ElfW(Phdr) *phdr,
   unsigned int i;
   bool rtld_is_main = false;
   void *tcbp = NULL;
+  int skip_env = 0;
 
   struct dl_main_state state;
   dl_main_state_init (&state);
@@ -1363,7 +1364,7 @@ dl_main (const ElfW(Phdr) *phdr,
 #endif
 
   /* Process the environment variable which control the behaviour.  */
-  process_envvars (&state);
+  skip_env = process_envvars (&state);
 
 #ifndef HAVE_INLINED_SYSCALLS
   /* Set up a flag which tells we are just starting.  */
@@ -1628,7 +1629,7 @@ dl_main (const ElfW(Phdr) *phdr,
         _dl_argv[0] = argv0;
 
       /* Adjust arguments for the application entry point.  */
-      _dl_start_args_adjust (_dl_argv - orig_argv);
+      _dl_start_args_adjust (_dl_argv - orig_argv, skip_env);
     }
   else
     {
@@ -2532,11 +2533,12 @@ a filename can be specified using the LD_DEBUG_OUTPUT environment variable.\n");
     }
 }
 
-static void
+static int
 process_envvars_secure (struct dl_main_state *state)
 {
   char **runp = _environ;
   char *envline;
+  int skip_env = 0;
 
   while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
     {
@@ -2578,6 +2580,9 @@ process_envvars_secure (struct dl_main_state *state)
   const char *nextp = UNSECURE_ENVVARS;
   do
     {
+      if (getenv (nextp) != NULL)
+        skip_env++;
+
       unsetenv (nextp);
       nextp = strchr (nextp, '\0') + 1;
     }
@@ -2590,6 +2595,8 @@ process_envvars_secure (struct dl_main_state *state)
       || state->mode != rtld_mode_normal
       || state->version_info)
     _exit (5);
+
+  return skip_env;
 }
 
 static void
@@ -2743,13 +2750,16 @@ process_envvars_default (struct dl_main_state *state)
     }
 }
 
-static void
+static int
 process_envvars (struct dl_main_state *state)
 {
+  int skip_env = 0;
   if (__glibc_unlikely (__libc_enable_secure))
-    process_envvars_secure (state);
+    skip_env += process_envvars_secure (state);
   else
     process_envvars_default (state);
+
+  return skip_env;
 }
 
 #if HP_TIMING_INLINE