[PATCH] elf: Remove ad-hoc restrictions on dlopen callers [BZ #22787]

Florian Weimer fweimer@redhat.com
Tue Feb 20 14:17:00 GMT 2018


On 02/05/2018 03:01 PM, Florian Weimer wrote:
> This looks like a post-exploitation hardening measure: If an attacker is
> able to redirect execution flow, they could use that to load a DSO which
> contains additional code (or perhaps make the stack executable).
> 
> However, the checks are not in the correct place to be effective: If
> they are performed before the critical operation, an attacker with
> sufficient control over execution flow could simply jump directly to
> the code which performs the operation, bypassing the check.  The check
> would have to be executed unconditionally after the operation and
> terminate the process in case a caller violation was detected.
> 
> Furthermore, in _dl_check_caller, there was a fallback reading global
> writable data (GL(dl_rtld_map).l_map_start and
> GL(dl_rtld_map).l_text_end), which could conceivably be targeted by an
> attacker to disable the check, too.
> 
> Other critical functions (such as system) remain completely
> unprotected, so the value of these additional checks does not appear
> that large.  Therefore this commit removes this functionality.

Ping?

<https://sourceware.org/ml/libc-alpha/2018-02/msg00123.html>

Thanks,
Florian
