Create a hook for inspecting program headers during library load
Commit Message
Patch updated below. Though I did remember Joseph steering me away from
an ifdef based interface while reworking this:
https://sourceware.org/ml/libc-alpha/2014-05/msg00045.html
Does this seem more appropriate?
Tested for x86_64-linux-gnu.
Thanks,
Matthew
* elf/dl-load.c (dl-load-stubs.h): Include.
(open_verify): Add hook for phdr check.
* elf/dl-load-stubs.h: New file.
---
elf/dl-load-stubs.h | 32 ++++++++++++++++++++++++++++++++
elf/dl-load.c | 6 ++++++
2 files changed, 38 insertions(+)
create mode 100644 elf/dl-load-stubs.h
Comments
On 2 October 2014 16:02, Matthew Fortune <Matthew.Fortune@imgtec.com> wrote:
> Patch updated below. Though I did remember Joseph steering me away from
> an ifdef based interface while reworking this:
>
> https://sourceware.org/ml/libc-alpha/2014-05/msg00045.html
>
> Does this seem more appropriate?
You could implement it using the sysdeps mechanism, e.g. see how
dl-irel.h and similar headers operate.
> Tested for x86_64-linux-gnu.
>
> Thanks,
> Matthew
>
> * elf/dl-load.c (dl-load-stubs.h): Include.
> (open_verify): Add hook for phdr check.
> * elf/dl-load-stubs.h: New file.
> ---
> elf/dl-load-stubs.h | 32 ++++++++++++++++++++++++++++++++
> elf/dl-load.c | 6 ++++++
> 2 files changed, 38 insertions(+)
> create mode 100644 elf/dl-load-stubs.h
>
> diff --git a/elf/dl-load-stubs.h b/elf/dl-load-stubs.h
> new file mode 100644
> index 0000000..8eb671d
> --- /dev/null
> +++ b/elf/dl-load-stubs.h
> @@ -0,0 +1,32 @@
> +/* Stub implementations for loader functions.
> + Copyright (C) 2014 Free Software Foundation, Inc.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <http://www.gnu.org/licenses/>. */
> +
> +/* Provide a default implementation of elf_machine_reject_phdr_p if a port
> + has not provided its own. */
> +
> +#ifndef ELF_MACHINE_REJECT_PHDR_P
> +/* Return true iff ELF program headers are incompatible with the running
> + host. */
> +static inline bool
> +elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, uint_fast16_t phnum,
> + const char *buf, size_t len, int fd,
> + struct link_map *map)
> +{
> + return false;
> +}
> +#endif
> diff --git a/elf/dl-load.c b/elf/dl-load.c
> index 016a99c..aff3506 100644
> --- a/elf/dl-load.c
> +++ b/elf/dl-load.c
> @@ -31,6 +31,7 @@
> #include <sys/stat.h>
> #include <sys/types.h>
> #include "dynamic-link.h"
> +#include "dl-load-stubs.h"
> #include <abi-tag.h>
> #include <stackinfo.h>
> #include <caller.h>
> @@ -1697,6 +1698,11 @@ open_verify (const char *name, struct filebuf *fbp, struct link_map *loader,
> }
> }
>
> + if (__glibc_unlikely (
> + elf_machine_reject_phdr_p (phdr, ehdr->e_phnum, fbp->buf, fbp->len,
> + fd, loader)))
> + goto close_and_out;
> +
> /* Check .note.ABI-tag if present. */
> for (ph = phdr; ph < &phdr[ehdr->e_phnum]; ++ph)
> if (ph->p_type == PT_NOTE && ph->p_filesz >= 32 && ph->p_align >= 4)
> --
> 1.9.4
> On 2 October 2014 16:02, Matthew Fortune <Matthew.Fortune@imgtec.com>
> wrote:
> > Patch updated below. Though I did remember Joseph steering me away from
> > an ifdef based interface while reworking this:
> >
> > https://sourceware.org/ml/libc-alpha/2014-05/msg00045.html
> >
> > Does this seem more appropriate?
>
> You could implement it using the sysdeps mechanism, e.g. see how
> dl-irel.h and similar headers operate.
Thanks. I didn't quite follow what Roland was referring to by a sysdeps file.
That will be much neater.
Matthew
new file mode 100644
@@ -0,0 +1,32 @@
+/* Stub implementations for loader functions.
+ Copyright (C) 2014 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+/* Provide a default implementation of elf_machine_reject_phdr_p if a port
+ has not provided its own. */
+
+#ifndef ELF_MACHINE_REJECT_PHDR_P
+/* Return true iff ELF program headers are incompatible with the running
+ host. */
+static inline bool
+elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, uint_fast16_t phnum,
+ const char *buf, size_t len, int fd,
+ struct link_map *map)
+{
+ return false;
+}
+#endif
@@ -31,6 +31,7 @@
#include <sys/stat.h>
#include <sys/types.h>
#include "dynamic-link.h"
+#include "dl-load-stubs.h"
#include <abi-tag.h>
#include <stackinfo.h>
#include <caller.h>
@@ -1697,6 +1698,11 @@ open_verify (const char *name, struct filebuf *fbp, struct link_map *loader,
}
}
+ if (__glibc_unlikely (
+ elf_machine_reject_phdr_p (phdr, ehdr->e_phnum, fbp->buf, fbp->len,
+ fd, loader)))
+ goto close_and_out;
+
/* Check .note.ABI-tag if present. */
for (ph = phdr; ph < &phdr[ehdr->e_phnum]; ++ph)
if (ph->p_type == PT_NOTE && ph->p_filesz >= 32 && ph->p_align >= 4)