Bug 24323

Summary: dlopen should not be able open PIE objects
Product: glibc Reporter: Florian Weimer <fweimer>
Component: dynamic-linkAssignee: Not yet assigned to anyone <unassigned>
Status: RESOLVED FIXED    
Severity: normal Flags: fweimer: security-
Priority: P2    
Version: 2.30   
Target Milestone: 2.30   
See Also: https://sourceware.org/bugzilla/show_bug.cgi?id=11754
Host: Target:
Build: Last reconfirmed:

Description Florian Weimer 2019-03-12 12:01:28 UTC
We cannot perform correct relocations for a second executable, and there is currently no way to run its ELF constructors (and it is unclear what the proper behavior would be anyway).

Therefore, we should refuse to load PIE objects using dlopen.
Comment 1 Florian Weimer 2019-04-15 12:58:08 UTC
See bug 11754 comment 15 for an example why this change is desirable.
Comment 2 Sourceware Commits 2019-06-19 08:13:49 UTC
The master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2c75b545de6fe3c44138799c68217a94bc669a88

commit 2c75b545de6fe3c44138799c68217a94bc669a88
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Jun 18 16:42:10 2019 +0200

    elf: Refuse to dlopen PIE objects [BZ #24323]
    
    Another executable has already been mapped, so the dynamic linker
    cannot perform relocations correctly for the second executable.
Comment 3 Florian Weimer 2019-06-19 08:15:03 UTC
Fixed in glibc 2.30.
Comment 4 Sourceware Commits 2019-11-04 20:01:33 UTC
The release/2.28/master branch has been updated by DJ Delorie <dj@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=59991bf48a821a9b8d504b325e84d2099fa1a14e

commit 59991bf48a821a9b8d504b325e84d2099fa1a14e
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Nov 1 15:41:30 2019 -0400

    elf: Refuse to dlopen PIE objects [BZ #24323]
    
    Another executable has already been mapped, so the dynamic linker
    cannot perform relocations correctly for the second executable.
    
    (cherry picked from commit 2c75b545de6fe3c44138799c68217a94bc669a88)
    (test omitted due to indirect dependency on test-in-container)
Comment 5 Sourceware Commits 2019-11-04 20:01:43 UTC
The release/2.29/master branch has been updated by DJ Delorie <dj@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a6381659ecf725efaf8972a94ce40ab9956e4e

commit 52a6381659ecf725efaf8972a94ce40ab9956e4e
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Jun 18 16:42:10 2019 +0200

    elf: Refuse to dlopen PIE objects [BZ #24323]
    
    Another executable has already been mapped, so the dynamic linker
    cannot perform relocations correctly for the second executable.
    
    (cherry picked from commit 2c75b545de6fe3c44138799c68217a94bc669a88)