diff options
| author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2025-03-14 16:09:57 -0300 |
|---|---|---|
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2025-03-21 15:46:48 -0300 |
| commit | ed6a68bac7cd056abda9008019c71b167f0362dc (patch) | |
| tree | 7ceb7f6403f423e4773724c518e537e13f140a3d /debug/Makefile | |
| parent | 1894e219dc530d7074085e95ffe3c1e66cebc072 (diff) | |
| download | glibc-ed6a68bac7cd056abda9008019c71b167f0362dc.tar.xz glibc-ed6a68bac7cd056abda9008019c71b167f0362dc.zip | |
debug: Improve '%n' fortify detection (BZ 30932)
The 7bb8045ec0 path made the '%n' fortify check ignore EMFILE errors
while trying to open /proc/self/maps, and this added a security
issue where EMFILE can be attacker-controlled thus making it
ineffective for some cases.
The EMFILE failure is reinstated but with a different error
message. Also, to improve the false positive of the hardening for
the cases where no new files can be opened, the
_dl_readonly_area now uses _dl_find_object to check if the
memory area is within a writable ELF segment. The procfs method is
still used as fallback.
Checked on x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Arjun Shankar <arjun@redhat.com>
Diffstat (limited to 'debug/Makefile')
| -rw-r--r-- | debug/Makefile | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/debug/Makefile b/debug/Makefile index 905f2bf7e0..2484580cd2 100644 --- a/debug/Makefile +++ b/debug/Makefile @@ -75,6 +75,7 @@ routines = \ readlink_chk \ readlinkat_chk \ readonly-area \ + readonly-area-fallback \ realpath_chk \ recv_chk \ recvfrom_chk \ @@ -180,9 +181,15 @@ CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source) -D_FORTIFY_SOURCE=1 CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 CFLAGS-tst-sprintf-fortify-rdonly.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 +CFLAGS-tst-sprintf-fortify-rdonly-mod.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 +CFLAGS-tst-sprintf-fortify-rdonly-dlopen.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 CFLAGS-tst-fortify-syslog.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 CFLAGS-tst-fortify-wide.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 +$(objpfx)tst-sprintf-fortify-rdonly: \ + $(objpfx)tst-sprintf-fortify-rdonly-mod.so \ + $(objpfx)tst-sprintf-fortify-rdonly-dlopen.so + # _FORTIFY_SOURCE tests. # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and # preprocessor conditions based on tst-fortify.c. @@ -303,6 +310,11 @@ tests-container += \ tst-fortify-syslog \ # tests-container +modules-names += \ + tst-sprintf-fortify-rdonly-dlopen \ + tst-sprintf-fortify-rdonly-mod \ + # modules-names + ifeq ($(have-ssp),yes) tests += tst-ssp-1 endif |