aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--elf/rtld.c62
2 files changed, 44 insertions, 23 deletions
diff --git a/ChangeLog b/ChangeLog
index e8afd16..38f9a33 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2007-10-31 Ulrich Drepper <drepper@redhat.com>
+
+ * elf/rtld.c (dl_main): Initialize stack and pointer guard early
+ when using auditing libraries.
+
2007-10-29 Ulrich Drepper <drepper@redhat.com>
* resolv/Versions [libresolv] (GLIBC_PRIVATE): Add
diff --git a/elf/rtld.c b/elf/rtld.c
index 7612a69..6df81fb 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -833,6 +833,35 @@ rtld_lock_default_unlock_recursive (void *lock)
#endif
+static void
+security_init (void)
+{
+ /* Set up the stack checker's canary. */
+ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+#ifdef THREAD_SET_STACK_GUARD
+ THREAD_SET_STACK_GUARD (stack_chk_guard);
+#else
+ __stack_chk_guard = stack_chk_guard;
+#endif
+
+ /* Set up the pointer guard as well, if necessary. */
+ if (GLRO(dl_pointer_guard))
+ {
+ // XXX If it is cheap, we should use a separate value.
+ uintptr_t pointer_chk_guard = stack_chk_guard;
+#ifndef HP_TIMING_NONAVAIL
+ hp_timing_t now;
+ HP_TIMING_NOW (now);
+ pointer_chk_guard ^= now;
+#endif
+#ifdef THREAD_SET_POINTER_GUARD
+ THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+#endif
+ __pointer_chk_guard_local = pointer_chk_guard;
+ }
+}
+
+
/* The library search path. */
static const char *library_path attribute_relro;
/* The list preloaded objects. */
@@ -1405,6 +1434,12 @@ of this helper program; chances are you did not intend to run this program.\n\
initialize the data structures now. */
tcbp = init_tls ();
+ /* Initialize security features. We need to do it this early
+ since otherwise the constructors of the audit libraries will
+ use different values (especially the pointer guard) and will
+ fail later on. */
+ security_init ();
+
do
{
int tls_idx = GL(dl_tls_max_dtv_idx);
@@ -1815,29 +1850,10 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
if (tcbp == NULL)
tcbp = init_tls ();
- /* Set up the stack checker's canary. */
- uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
-#ifdef THREAD_SET_STACK_GUARD
- THREAD_SET_STACK_GUARD (stack_chk_guard);
-#else
- __stack_chk_guard = stack_chk_guard;
-#endif
-
- /* Set up the pointer guard as well, if necessary. */
- if (GLRO(dl_pointer_guard))
- {
- // XXX If it is cheap, we should use a separate value.
- uintptr_t pointer_chk_guard = stack_chk_guard;
-#ifndef HP_TIMING_NONAVAIL
- hp_timing_t now;
- HP_TIMING_NOW (now);
- pointer_chk_guard ^= now;
-#endif
-#ifdef THREAD_SET_POINTER_GUARD
- THREAD_SET_POINTER_GUARD (pointer_chk_guard);
-#endif
- __pointer_chk_guard_local = pointer_chk_guard;
- }
+ if (__builtin_expect (audit_list == NULL, 1))
+ /* Initialize security features. But only if we have not done it
+ earlier. */
+ security_init ();
if (__builtin_expect (mode, normal) != normal)
{