Bug 24323 - dlopen should not be able open PIE objects
Summary: dlopen should not be able open PIE objects
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: dynamic-link (show other bugs)
Version: 2.30
: P2 normal
Target Milestone: 2.30
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-03-12 12:01 UTC by Florian Weimer
Modified: 2019-11-04 20:01 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Weimer 2019-03-12 12:01:28 UTC
We cannot perform correct relocations for a second executable, and there is currently no way to run its ELF constructors (and it is unclear what the proper behavior would be anyway).

Therefore, we should refuse to load PIE objects using dlopen.
Comment 1 Florian Weimer 2019-04-15 12:58:08 UTC
See bug 11754 comment 15 for an example why this change is desirable.
Comment 2 cvs-commit@gcc.gnu.org 2019-06-19 08:13:49 UTC
The master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2c75b545de6fe3c44138799c68217a94bc669a88

commit 2c75b545de6fe3c44138799c68217a94bc669a88
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Jun 18 16:42:10 2019 +0200

    elf: Refuse to dlopen PIE objects [BZ #24323]
    
    Another executable has already been mapped, so the dynamic linker
    cannot perform relocations correctly for the second executable.
Comment 3 Florian Weimer 2019-06-19 08:15:03 UTC
Fixed in glibc 2.30.
Comment 4 cvs-commit@gcc.gnu.org 2019-11-04 20:01:33 UTC
The release/2.28/master branch has been updated by DJ Delorie <dj@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=59991bf48a821a9b8d504b325e84d2099fa1a14e

commit 59991bf48a821a9b8d504b325e84d2099fa1a14e
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Nov 1 15:41:30 2019 -0400

    elf: Refuse to dlopen PIE objects [BZ #24323]
    
    Another executable has already been mapped, so the dynamic linker
    cannot perform relocations correctly for the second executable.
    
    (cherry picked from commit 2c75b545de6fe3c44138799c68217a94bc669a88)
    (test omitted due to indirect dependency on test-in-container)
Comment 5 cvs-commit@gcc.gnu.org 2019-11-04 20:01:43 UTC
The release/2.29/master branch has been updated by DJ Delorie <dj@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a6381659ecf725efaf8972a94ce40ab9956e4e

commit 52a6381659ecf725efaf8972a94ce40ab9956e4e
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Jun 18 16:42:10 2019 +0200

    elf: Refuse to dlopen PIE objects [BZ #24323]
    
    Another executable has already been mapped, so the dynamic linker
    cannot perform relocations correctly for the second executable.
    
    (cherry picked from commit 2c75b545de6fe3c44138799c68217a94bc669a88)