diff options
| author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2025-03-14 16:09:57 -0300 |
|---|---|---|
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2025-03-21 15:46:48 -0300 |
| commit | ed6a68bac7cd056abda9008019c71b167f0362dc (patch) | |
| tree | 7ceb7f6403f423e4773724c518e537e13f140a3d /elf/rtld.c | |
| parent | 1894e219dc530d7074085e95ffe3c1e66cebc072 (diff) | |
| download | glibc-ed6a68bac7cd056abda9008019c71b167f0362dc.tar.xz glibc-ed6a68bac7cd056abda9008019c71b167f0362dc.zip | |
debug: Improve '%n' fortify detection (BZ 30932)
The 7bb8045ec0 path made the '%n' fortify check ignore EMFILE errors
while trying to open /proc/self/maps, and this added a security
issue where EMFILE can be attacker-controlled thus making it
ineffective for some cases.
The EMFILE failure is reinstated but with a different error
message. Also, to improve the false positive of the hardening for
the cases where no new files can be opened, the
_dl_readonly_area now uses _dl_find_object to check if the
memory area is within a writable ELF segment. The procfs method is
still used as fallback.
Checked on x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Arjun Shankar <arjun@redhat.com>
Diffstat (limited to 'elf/rtld.c')
| -rw-r--r-- | elf/rtld.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/elf/rtld.c b/elf/rtld.c index 00b25c1a73..099c447e80 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -371,6 +371,7 @@ struct rtld_global_ro _rtld_global_ro attribute_relro = ._dl_error_free = _dl_error_free, ._dl_tls_get_addr_soft = _dl_tls_get_addr_soft, ._dl_libc_freeres = __rtld_libc_freeres, + ._dl_readonly_area = _dl_readonly_area, }; /* If we would use strong_alias here the compiler would see a non-hidden definition. This would undo the effect of the previous |