This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug dynamic-link/22851] ld library ELF load error

rschiron at redhat dot com changed:

           What    |Removed                     |Added
                 CC|                            |rschiron at redhat dot com

--- Comment #6 from rschiron at redhat dot com ---
Copying from from

glibc assumes loadable segment entries (PT_LOAD) in the program header table
appear in ascending order, sorted on the p_vaddr member. While loading a
library, function _dl_map_segments() in dl-map-segments.h lets the kernel map
the first segment of the library anywhere it likes, but it requires a large
enough chunk of memory to include all the loadable segment entries. Considering
how mmap works, the allocation happens to be close to other libraries and to
the ld-linux loader segments.

However, if a library is created such that the first loadable segment entry is
not the one with the lowest Virtual Address or the last loadable segment entry
is not the one with the highest End Virtual Address, it is possible to make
ld-linux wrongly compute the overall size required to load the library in the
process' memory. When this happens, the malicious library can easily overwrite
other libraries that were already loaded.

While a malicious library can already easily execute code (e.g. with
constructors) when a program uses it, it should not be possible to execute code
while listing the dependencies of an ELF file.

You are receiving this mail because:
You are on the CC list for the bug.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]