diff options
| author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2025-02-13 14:02:38 -0300 |
|---|---|---|
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2025-04-08 16:19:49 -0300 |
| commit | 12a497c716f0a06be5946cabb8c3ec22a079771e (patch) | |
| tree | 3187604dced4a2e132f77a1c56c743baf67985e8 /sysdeps | |
| parent | 5b132ec2b7712dbc055838b3b538b83ad1196414 (diff) | |
| download | glibc-12a497c716f0a06be5946cabb8c3ec22a079771e.zip glibc-12a497c716f0a06be5946cabb8c3ec22a079771e.tar.gz glibc-12a497c716f0a06be5946cabb8c3ec22a079771e.tar.bz2 | |
elf: Extend glibc.rtld.execstack tunable to force executable stack (BZ 32653)
From the bug report [1], multiple programs still require to dlopen
shared libraries with either missing PT_GNU_STACK or with the executable
bit set. Although, in some cases, it seems to be a hard-craft assembly
source without the required .note.GNU-stack marking (so the static linker
is forced to set the stack executable if the ABI requires it), other
cases seem that the library uses trampolines [2].
Unfortunately, READ_IMPLIES_EXEC is not an option since on some ABIs
(x86_64), the kernel clears the bit, making it unsupported. To avoid
reinstating the broken code that changes stack permission on dlopen
(0ca8785a28), this patch extends the glibc.rtld.execstack tunable to
allow an option to force an executable stack at the program startup.
The tunable is a security issue because it defeats the PT_GNU_STACK
hardening. It has the slight advantage of making it explicit by the
caller, and, as for other tunables, this is disabled for setuid binaries.
A tunable also allows us to eventually remove it, but from previous
experiences, it would require some time.
Checked on aarch64-linux-gnu, x86_64-linux-gnu, and i686-linux-gnu.
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=32653
[2] https://github.com/conda-forge/ctng-compiler-activation-feedstock/issues/143
Reviewed-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'sysdeps')
| -rw-r--r-- | sysdeps/generic/ldsodefs.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index 5b12a41..b5d5b31 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -717,6 +717,19 @@ extern const ElfW(Phdr) *_dl_phdr; extern size_t _dl_phnum; #endif +/* Possible values for the glibc.rtld.execstack tunable. */ +enum stack_tunable_mode + { + /* Do not allow executable stacks, even if program requires it. */ + stack_tunable_mode_disable = 0, + /* Follows either ABI requirement, or the PT_GNU_STACK value. */ + stack_tunable_mode_enable = 1, + /* Always enable an executable stack. */ + stack_tunable_mode_force = 2 + }; + +void _dl_handle_execstack_tunable (void) attribute_hidden; + /* This function changes the permission of the memory region pointed by STACK_ENDP to executable and update the internal memory protection flags for future thread stack creation. */ |