Bug 22237 - Check internal symbols of libc.so accessed via PLT or GOT
Status: NEW
Alias: None
Product: glibc
Classification: Unclassified
Component: libc
Version: 2.27
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Depends on: 18822
Reported: 2017-10-02 21:36 UTC by H.J. Lu
Modified: 2017-10-04 07:03 UTC

fweimer: security-


Description H.J. Lu 2017-10-02 21:36:05 UTC
If supported by target, internal symbols of libc.so should be accessed
without PLT or GOT.  X86 PLT relocation is checked on libc_pic.a:

[hjl@gnu-efi-2 build-x86_64-linux]$ readelf -rW libc_pic.a | grep " __" | grep PLT32  | awk '{ print $5 }' | sort | uniq

It assumes that only symbols with "__" prefix are internal symbols.  A
machine-independent script should not be checking names
of relocations.  Instead it needs to look at properties of (global/weak) 
symbols in objects that go into shared libraries.  Symbols (defined or 
undefined) that are not hidden, but are not exported from those shared 
libraries, are suspect, but I'm not sure how reliably GCC will mark 
undefined symbols hidden even given appropriate declarations (and there 
may also be issues with undefined symbols properly called from .S sources 
but not marked hidden there).  So likely lists of exceptions to any such 
tests would be needed (including architecture-specific exceptions for e.g. 
libgcc symbols).
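
A sketch of the symbol-property check the description asks for, added here as an example; it is not glibc's own test and not code from the report. It assumes the textual output of `readelf -sW` for the objects and for the built library's dynamic symbol table; the sample tables and the symbol names in them are constructed for illustration.

```python
import re

# One row of `readelf -sW` output: Num: Value Size Type Bind Vis Ndx Name
ROW = re.compile(
    r"^\s*\d+:\s+[0-9a-fA-F]+\s+\S+\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def parse_symbols(readelf_text):
    """Yield (name, type, bind, visibility, ndx) for each symbol-table row."""
    for line in readelf_text.splitlines():
        m = ROW.match(line)
        if m:
            stype, bind, vis, ndx, name = m.groups()
            # Drop a symbol-version suffix such as "@@GLIBC_2.2.5".
            yield name.split("@")[0], stype, bind, vis, ndx

def exported_names(dynsym_text):
    """Names the shared library itself defines in its dynamic symbol table."""
    return {n for n, _t, _b, _v, ndx in parse_symbols(dynsym_text)
            if ndx != "UND"}

def suspect_symbols(objects_text, dynsym_text, exceptions=()):
    """Global/weak symbols, defined or undefined, that are not hidden in the
    objects and are not exported by the library, minus listed exceptions."""
    exported = exported_names(dynsym_text)
    suspects = set()
    for name, _t, bind, vis, _ndx in parse_symbols(objects_text):
        if bind not in ("GLOBAL", "WEAK") or vis in ("HIDDEN", "INTERNAL"):
            continue
        if name not in exported and name not in exceptions:
            suspects.add(name)
    return sorted(suspects)

# Constructed sample tables (not taken from a real glibc build).
OBJECTS = """\
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     7: 0000000000000000    42 FUNC    GLOBAL DEFAULT    1 fopen
     8: 0000000000000000     0 NOTYPE  GLOBAL HIDDEN   UND __internal_helper
     9: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT  UND internal_noprefix
    10: 0000000000000000    16 FUNC    WEAK   DEFAULT    1 __leaky_alias
    11: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT  UND __example_libgcc_sym
"""
DYNSYM = """\
   Num:    Value          Size Type    Bind   Vis      Ndx Name
    12: 0000000000071230    42 FUNC    GLOBAL DEFAULT   13 fopen@@GLIBC_2.2.5
"""

if __name__ == "__main__":
    print(suspect_symbols(OBJECTS, DYNSYM, exceptions={"__example_libgcc_sym"}))
```

Unlike the name-based pipeline, this flags `internal_noprefix` even though it lacks a "__" prefix, and the `exceptions` argument stands in for the per-architecture exception lists the description anticipates.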