This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.22-382-ga014cec
- From: fw at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 15 Oct 2015 07:49:00 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.22-382-ga014cec
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via a014cecd82b71b70a6a843e250e06b541ad524f7 (commit)
from 0c25f5b5bb48a9d550b5fb403b9a801ba04c146f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a014cecd82b71b70a6a843e250e06b541ad524f7
commit a014cecd82b71b70a6a843e250e06b541ad524f7
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Oct 15 09:23:07 2015 +0200
Always enable pointer guard [BZ #18928]
Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode
has security implications. This commit enables pointer guard
unconditionally, and the environment variable is now ignored.
[BZ #18928]
* sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
_dl_pointer_guard member.
* elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
initializer.
(security_init): Always set up pointer guard.
(process_envvars): Do not process LD_POINTER_GUARD.
diff --git a/ChangeLog b/ChangeLog
index 997ad13..fa58b30 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2015-10-15 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #18928]
+ * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
+ _dl_pointer_guard member.
+ * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
+ initializer.
+ (security_init): Always set up pointer guard.
+ (process_envvars): Do not process LD_POINTER_GUARD.
+
2015-10-14 Joseph Myers <joseph@codesourcery.com>
[BZ #19134]
diff --git a/NEWS b/NEWS
index d4e8b4a..0491a27 100644
--- a/NEWS
+++ b/NEWS
@@ -16,11 +16,14 @@ Version 2.23
18265, 18370, 18421, 18480, 18525, 18595, 18589, 18610, 18618, 18647,
18661, 18674, 18675, 18681, 18724, 18757, 18778, 18781, 18787, 18789,
18790, 18795, 18796, 18803, 18820, 18823, 18824, 18825, 18857, 18863,
- 18870, 18872, 18873, 18875, 18887, 18921, 18951, 18952, 18956, 18961,
- 18966, 18967, 18969, 18970, 18977, 18980, 18981, 18985, 19003, 19007,
- 19012, 19016, 19018, 19032, 19046, 19049, 19050, 19059, 19071, 19074,
- 19076, 19077, 19078, 19079, 19085, 19086, 19088, 19094, 19095, 19124,
- 19125, 19129, 19134
+ 18870, 18872, 18873, 18875, 18887, 18921, 18928, 18951, 18952, 18956,
+ 18961, 18966, 18967, 18969, 18970, 18977, 18980, 18981, 18985, 19003,
+ 19007, 19012, 19016, 19018, 19032, 19046, 19049, 19050, 19059, 19071,
+ 19074, 19076, 19077, 19078, 19079, 19085, 19086, 19088, 19094, 19095,
+ 19124, 19125, 19129, 19134
+
+* The LD_POINTER_GUARD environment variable can no longer be used to
+ disable the pointer guard feature. It is always enabled.
* The obsolete header <regexp.h> has been removed. Programs that require
this header must be updated to use <regex.h> instead.
diff --git a/elf/rtld.c b/elf/rtld.c
index 1474c72..52160df 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -162,7 +162,6 @@ struct rtld_global_ro _rtld_global_ro attribute_relro =
._dl_hwcap_mask = HWCAP_IMPORTANT,
._dl_lazy = 1,
._dl_fpu_control = _FPU_DEFAULT,
- ._dl_pointer_guard = 1,
._dl_pagesize = EXEC_PAGESIZE,
._dl_inhibit_cache = 0,
@@ -709,15 +708,12 @@ security_init (void)
#endif
/* Set up the pointer guard as well, if necessary. */
- if (GLRO(dl_pointer_guard))
- {
- uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
- stack_chk_guard);
+ uintptr_t pointer_chk_guard
+ = _dl_setup_pointer_guard (_dl_random, stack_chk_guard);
#ifdef THREAD_SET_POINTER_GUARD
- THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+ THREAD_SET_POINTER_GUARD (pointer_chk_guard);
#endif
- __pointer_chk_guard_local = pointer_chk_guard;
- }
+ __pointer_chk_guard_local = pointer_chk_guard;
/* We do not need the _dl_random value anymore. The less
information we leave behind, the better, so clear the
@@ -2471,9 +2467,6 @@ process_envvars (enum mode *modep)
GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;
break;
}
-
- if (memcmp (envline, "POINTER_GUARD", 13) == 0)
- GLRO(dl_pointer_guard) = envline[14] != '0';
break;
case 14:
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
index 7f7ff72..0625826 100644
--- a/sysdeps/generic/ldsodefs.h
+++ b/sysdeps/generic/ldsodefs.h
@@ -592,9 +592,6 @@ struct rtld_global_ro
/* List of auditing interfaces. */
struct audit_ifaces *_dl_audit;
unsigned int _dl_naudit;
-
- /* 0 if internal pointer values should not be guarded, 1 if they should. */
- EXTERN int _dl_pointer_guard;
};
# define __rtld_global_attribute__
# if IS_IN (rtld)
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 10 ++++++++++
NEWS | 13 ++++++++-----
elf/rtld.c | 15 ++++-----------
sysdeps/generic/ldsodefs.h | 3 ---
4 files changed, 22 insertions(+), 19 deletions(-)
hooks/post-receive
--
GNU C Library master sources