Always enable pointer guard [BZ #18928]

Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode
has security implications.  This commit enables pointer guard
unconditionally, and the environment variable is now ignored.

        [BZ #18928]
        * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
        _dl_pointer_guard member.
        * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
        initializer.
        (security_init): Always set up pointer guard.
        (process_envvars): Do not process LD_POINTER_GUARD.

diff --git a/ChangeLog b/ChangeLog
index 997ad1381f30bd62b79fcd80ddd1149c9022282c..fa58b3042db1e5808a84230308df2150f5ba19e7 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2015-10-15  Florian Weimer  <fweimer@redhat.com>
+
+       [BZ #18928]
+       * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
+       _dl_pointer_guard member.
+       * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
+       initializer.
+       (security_init): Always set up pointer guard.
+       (process_envvars): Do not process LD_POINTER_GUARD.
+
 2015-10-14  Joseph Myers  <joseph@codesourcery.com>
 
        [BZ #19134]

diff --git a/NEWS b/NEWS
index d4e8b4adf2e0cfe87fafdc1a4989e6c6e7976c7e..0491a27a1e164e06b56de90dd51199623b24b563 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -16,11 +16,14 @@ Version 2.23
   18265, 18370, 18421, 18480, 18525, 18595, 18589, 18610, 18618, 18647,
   18661, 18674, 18675, 18681, 18724, 18757, 18778, 18781, 18787, 18789,
   18790, 18795, 18796, 18803, 18820, 18823, 18824, 18825, 18857, 18863,
-  18870, 18872, 18873, 18875, 18887, 18921, 18951, 18952, 18956, 18961,
-  18966, 18967, 18969, 18970, 18977, 18980, 18981, 18985, 19003, 19007,
-  19012, 19016, 19018, 19032, 19046, 19049, 19050, 19059, 19071, 19074,
-  19076, 19077, 19078, 19079, 19085, 19086, 19088, 19094, 19095, 19124,
-  19125, 19129, 19134
+  18870, 18872, 18873, 18875, 18887, 18921, 18928, 18951, 18952, 18956,
+  18961, 18966, 18967, 18969, 18970, 18977, 18980, 18981, 18985, 19003,
+  19007, 19012, 19016, 19018, 19032, 19046, 19049, 19050, 19059, 19071,
+  19074, 19076, 19077, 19078, 19079, 19085, 19086, 19088, 19094, 19095,
+  19124, 19125, 19129, 19134
+
+* The LD_POINTER_GUARD environment variable can no longer be used to
+  disable the pointer guard feature.  It is always enabled.
 
 * The obsolete header <regexp.h> has been removed.  Programs that require
   this header must be updated to use <regex.h> instead.

diff --git a/elf/rtld.c b/elf/rtld.c
index 1474c72cde2ab313c354f6567346115fa06da27f..52160dfde6be42eba000c4e8136de0d190617270 100644 (file)
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -162,7 +162,6 @@ struct rtld_global_ro _rtld_global_ro attribute_relro =
     ._dl_hwcap_mask = HWCAP_IMPORTANT,
     ._dl_lazy = 1,
     ._dl_fpu_control = _FPU_DEFAULT,
-    ._dl_pointer_guard = 1,
     ._dl_pagesize = EXEC_PAGESIZE,
     ._dl_inhibit_cache = 0,
 
@@ -709,15 +708,12 @@ security_init (void)
 #endif
 
   /* Set up the pointer guard as well, if necessary.  */
-  if (GLRO(dl_pointer_guard))
-    {
-      uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
-                                                            stack_chk_guard);
+  uintptr_t pointer_chk_guard
+    = _dl_setup_pointer_guard (_dl_random, stack_chk_guard);
 #ifdef THREAD_SET_POINTER_GUARD
-      THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+  THREAD_SET_POINTER_GUARD (pointer_chk_guard);
 #endif
-      __pointer_chk_guard_local = pointer_chk_guard;
-    }
+  __pointer_chk_guard_local = pointer_chk_guard;
 
   /* We do not need the _dl_random value anymore.  The less
      information we leave behind, the better, so clear the
@@ -2471,9 +2467,6 @@ process_envvars (enum mode *modep)
              GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;
              break;
            }
-
-         if (memcmp (envline, "POINTER_GUARD", 13) == 0)
-           GLRO(dl_pointer_guard) = envline[14] != '0';
          break;
 
        case 14:

diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
index 7f7ff72f889066dbfd1d8541ac825bb315f8b74a..0625826c3b4b6c4a65735728936a2e7021e61604 100644 (file)
--- a/sysdeps/generic/ldsodefs.h
+++ b/sysdeps/generic/ldsodefs.h
@@ -592,9 +592,6 @@ struct rtld_global_ro
   /* List of auditing interfaces.  */
   struct audit_ifaces *_dl_audit;
   unsigned int _dl_naudit;
-
-  /* 0 if internal pointer values should not be guarded, 1 if they should.  */
-  EXTERN int _dl_pointer_guard;
 };
 # define __rtld_global_attribute__
 # if IS_IN (rtld)