| Message ID | 20241128173851.1920696-1-adhemerval.zanella@linaro.org |
|---|---|
| Headers | show
Delivered-To: patch@linaro.org
Received: by 2002:adf:f2c4:0:b0:382:43a8:7b94 with SMTP id d4csp376783wrp;
Thu, 28 Nov 2024 09:39:28 -0800 (PST)
X-Forwarded-Encrypted: i=3;
AJvYcCXiWSSh/NBTU7EYI85oqhyan1ln6P6Ujx6IupNq0vZ7roVGdLtfLgi225NjtqQuqCX2cebaIw==@linaro.org
X-Google-Smtp-Source:
AGHT+IHaUrCGpK85Aa8flW2PG5x9krWeQK8wbfK4eVjv91DtJuVbXvOzi3DpAjfglolfGvW4PiWN
X-Received: by 2002:a05:6214:2424:b0:6d4:e0a:230e with SMTP id
6a1803df08f44-6d864d26013mr124456676d6.16.1732815568302;
Thu, 28 Nov 2024 09:39:28 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1732815568; cv=pass;
d=google.com; s=arc-20240605;
b=gfZ/A3XIJldzcTZdM3IbvSzAFXk1N4TQV6IkXDIt0vksEl1nlU9ZODq28CqocRQPzq
R8jGLMwBTFAKP/iVzjBstl3E5T7r/Zv3+EHLGs54LECkA/2U/u5mO5530gvUwMACyFhn
NN3PaRmemdXhbEtsJi1c/X2yfoIJoUlmehAeT6/2e3lmJFlC6LiHxUGgmYViqAgnAMo6
gnGFQbpk5tBsHARvSO8AND43Dvr2xhnV7qR/Y8kjH0Frm+tcZMnp4bfDFtxhSrQ8BUVV
cHPK69iYIRmVrlNyjF0bAjv66EmbyZGorfjZ9ZW4jsQXsyZBvQBPuBgK4JSjvpgVTX7h
5hHQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=errors-to:list-subscribe:list-help:list-post:list-archive
:list-unsubscribe:list-id:precedence:content-transfer-encoding
:mime-version:message-id:date:subject:cc:to:from:dkim-signature
:dkim-filter:arc-filter:dmarc-filter:delivered-to:dkim-filter;
bh=qirI0uEe8u9bEomzmA8ETcHEzXLmA2CJz/53zOGE96c=;
fh=5vlP+0ToNsZNUEx4IDYFBtVkL7R0+LPY9AvG1oUICyQ=;
b=Q0u4UmOOSgcbQlgontl8jOCHIDPLdqPlChuQLdCQhS5dHXInSr82OtczrKRdsSZ6bo
uoEBQz6pVg/uSKaBtL6ZvAydHqvvwZaZ0QWU9b7wXloIc/N/9jbw8nPASgxOK0aIGbgZ
fOXbA/gj3kkYoyCdvAAxS4WqRlTS9TH9TtnoVnHBG+RuQcBmLdy6e55CuCR6IPRhgA8b
HiGeRXbIoLQSe5BBWOTpYBc1DmUHw9kvVBZWAUFuj7nE1PCE+oXDcdPHfwzFfspDsF0S
A2pRodMIQSyxsQW9yAA/pcfi1WGx0g9bxRtkdZsn/06aOuMXvijpd27HZgLZ+nIH6VWK
mTAw==;
dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@linaro.org header.s=google header.b=clwXaYit;
arc=pass (i=1);
spf=pass (google.com: domain of
libc-alpha-bounces~patch=linaro.org@sourceware.org designates
2620:52:3:1:0:246e:9693:128c as permitted sender)
smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <libc-alpha-bounces~patch=linaro.org@sourceware.org>
Received: from server2.sourceware.org (server2.sourceware.org.
[2620:52:3:1:0:246e:9693:128c])
by mx.google.com with ESMTPS id
6a1803df08f44-6d8821618c8si1268816d6.504.2024.11.28.09.39.28
for <patch@linaro.org>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 28 Nov 2024 09:39:28 -0800 (PST)
Received-SPF: pass (google.com: domain of
libc-alpha-bounces~patch=linaro.org@sourceware.org designates
2620:52:3:1:0:246e:9693:128c as permitted sender)
client-ip=2620:52:3:1:0:246e:9693:128c;
Authentication-Results: mx.google.com;
dkim=pass header.i=@linaro.org header.s=google header.b=clwXaYit;
arc=pass (i=1);
spf=pass (google.com: domain of
libc-alpha-bounces~patch=linaro.org@sourceware.org designates
2620:52:3:1:0:246e:9693:128c as permitted sender)
smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
by sourceware.org (Postfix) with ESMTP id DAB1D3858C2B
for <patch@linaro.org>; Thu, 28 Nov 2024 17:39:27 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DAB1D3858C2B
Authentication-Results: sourceware.org;
dkim=pass (2048-bit key,
unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256
header.s=google header.b=clwXaYit
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from mail-pg1-x543.google.com (mail-pg1-x543.google.com
[IPv6:2607:f8b0:4864:20::543])
by sourceware.org (Postfix) with ESMTPS id C68453858C48
for <libc-alpha@sourceware.org>; Thu, 28 Nov 2024 17:38:56 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org C68453858C48
Authentication-Results: sourceware.org;
dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org C68453858C48
Authentication-Results: server2.sourceware.org;
arc=none smtp.remote-ip=2607:f8b0:4864:20::543
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732815537; cv=none;
b=bcX+NVHWju79v5z/O61UqC/BUyZHzFIXP6ZQ6l81teDvLSapnxB/bImzsswwU0mvZ7/SvmR755odgXv3Jw9sdlVAOpfo0JYWmvv/eRS7g0v5c29tWp2t3AfePCF7mHUc1UhmzAC9DEB+BA5YFWmYjZYScfinBO0yYt4QFbvHblE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
t=1732815537; c=relaxed/simple;
bh=NrcPg9DyxoQv9thXQjG+33+l51IOciDJzQ6gC4QDKN8=;
h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
b=nt08WzmFwnClCmu+2KqiFR8yvzkFzpIN7bj+PCQu+XNl/q99Ao6WRDBTtMxFJh55KLXAf0LI1u0kpF8Aqzvwm5Z/NEOsUXD2NVZIlwbWmc+GjLbQBsuUnA/cYJTtY5EG/FOKIfZcAW/B5BTxxK7kWZ3M7mBKMIWGdavpzZQgsto=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C68453858C48
Received: by mail-pg1-x543.google.com with SMTP id
41be03b00d2f7-7fc41b4c78bso607551a12.3
for <libc-alpha@sourceware.org>; Thu, 28 Nov 2024 09:38:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=linaro.org; s=google; t=1732815535; x=1733420335; darn=sourceware.org;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=qirI0uEe8u9bEomzmA8ETcHEzXLmA2CJz/53zOGE96c=;
b=clwXaYitrxJlV3shKuOgDMtJdakAYVn5PVT42e9EqvprVXt7gno7tuSqr0LJMvJy4f
Q5EWErA30HDpZhGZWUnWe/i8Mvvav740q4uSQJAFn9/uAMdra43W5cBUKLyGcE3a18jQ
r8cC77urFhfCENqJd6jspJ7Tm1LufZxCxgPrc9ZxJYvMzrlCNPjyByq4kKV+8pO5DgD9
XETeixNZCz73YlymSJTXVrIB8b3MpQwsLcRvcIKf4KGmP+yioEflXJWHb5NxJ4LKiljp
MPUQrtTk96/ypcuKw9f3iSdk3Ac2iqVBNvVAh76TouI5vj5MvjO/IY2KEBJPhMNFIy84
fcvw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1732815535; x=1733420335;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=qirI0uEe8u9bEomzmA8ETcHEzXLmA2CJz/53zOGE96c=;
b=k+X0BabhidA3HFkY0Q3Ml7DoAX85HN9SDvIj/Dq1n3OUyh3e57BFNN36nDEzyxxTFZ
mdfurVLRYIwVNx4cCPkBFbZKeeeNs3ic/uRMPRX9LwvZjJvbq6lVB3+nhOXHbLeT2jO8
+EwAblRwCEen48d1xefxnAqCsbjTXxRpNRViLvI94ORDtQMhk+HnR4oIH3sAW3o6eSH6
meNrSv8AspPZP230vAgsfB0DKZM6N9OnkzQu7iuAQLwV9D+/tpbn2eo2r0pFN+WG4DkH
R6QahaONx6oxEzRt9fP2AhzOenS1wGFw7J3vMlBtflwrEnaJL3oGqXM5ngIQze5NyU2R
awIg==
X-Gm-Message-State: AOJu0YyT5IrZ7VJw5O/vkpY/MkRnXUEae1wLkhyOkwjomsDUt7IptOK7
oymvzpC+G7rfw9wTWC/qKLPhRbSmH4QMICNG4LDjWJOf1eGMJv4kpAk+gzFBnYSfdSB50qoPVFy
NqBWC0SgY
X-Gm-Gg: ASbGncupWdxVsS5ZVrIhU2cz2I4Xo9yGwyh+2YIDGpp7i8v9vEjDeByP+RY6P5OFK7z
/6mSy8IXwf3TuG7XDZwltuTh/U5SP2j9P/NUQcdm7NcW01f0AyKWcPyu1dEMkfrX9cTTVqIvJGs
WAIUjUy85u3s6GsfpM9xBz7kFxAcQuNf6JH94JiVfH5p+UBLv6IS3J2YQ9gveRwZBrP9ueakTmi
pz7fp/1xAQV7qYrihB8mZzTdGM33UMDJ4g4XOENpMbIPOMtY0tVWZnYnTRXu7s=
X-Received: by 2002:a05:6a20:9185:b0:1db:e5ac:1fc0 with SMTP id
adf61e73a8af0-1e0e0b28192mr12950939637.24.1732815535337;
Thu, 28 Nov 2024 09:38:55 -0800 (PST)
Received: from mandiga.. ([2804:1b3:a7c1:68c8:2c85:3a76:728e:ead2])
by smtp.gmail.com with ESMTPSA id
d2e1a72fcca58-72541849d6csm1860356b3a.182.2024.11.28.09.38.53
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 28 Nov 2024 09:38:54 -0800 (PST)
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: libc-alpha@sourceware.org
Cc: Florian Weimer <fweimer@redhat.com>
Subject: [PATCH v5 0/4] Improve executable stack handling
Date: Thu, 28 Nov 2024 14:36:41 -0300
Message-ID: <20241128173851.1920696-1-adhemerval.zanella@linaro.org>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
<mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
<mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org
|
| Series |
Improve executable stack handling
|
expand
|
If some shared library loaded with dlopen/dlmopen requires an executable stack, either implicitly because of a missing GNU_STACK ELF header (where the ABI default flags implies in the executable bit) or explicitly because of the executable bit from GNU_STACK; the loader will try to set the both the main thread and all thread stacks (from the pthread cache) as executable. Besides the issue where any executable stack transition failure does not undo the previous transitions (meaning that if the library fails to load, there can be thread stacks with executable stacks), this behavior was used on recent CVE [1] as a vector for RCE. The patchset changes the behavior where if a shared library requires an executable stack, and the current stack is not executable, dlopen fails. The change is done only for dynamically loaded modules, if the program or any dependency requires an executable stack, the loader will still change the main thread before program execution and any thread created with default stack configuration. The patchset also adds a tunable, glibc.rtld.execstack, which can control whether executable stacks are allowed from either the main program or dependencies. The default is to enable executable stacks. The executable stacks default permission is checked against the one provided by the PT_GNU_STACK from program headers (if present). The tunable also disables the stack permission change if any dependency requires an executable stack at loading time. [1] https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt -- Changes from v4: - Rebased against master. - Also adapt the new semantic for Hurd. - Fixed the new tests to only run is make check is instructed to run the tests. Changed from v3: - Rebased against master. - Improve the NEWS entry wording. Changes from v2: - Removed the dlopen executable stack support. - Allow program and dependencies with executable stack as default. - Rename tunable from glibc.rtld.noexecstack to glibc.rtld.execstack. Changes from v1: - Fixed tests invocation without --enable-hardcoded-path-in-tests. - Added hurd, hppa, mips exceptions. Adhemerval Zanella (4): elf: Consolidate stackinfo.h elf: Do not change stack permission on dlopen/dlmopen elf: Add tst-execstack-prog-static elf: Add glibc.rtld.execstack NEWS | 11 ++ elf/Makefile | 51 +++++++ elf/dl-load.c | 15 ++- elf/dl-support.c | 9 +- elf/dl-tunables.list | 6 + elf/rtld.c | 10 +- elf/tst-execstack-prog-static.c | 1 + elf/tst-execstack.c | 142 ++++++++------------ elf/tst-rtld-list-tunables.exp | 1 + manual/tunables.texi | 19 +++ nptl/allocatestack.c | 19 --- sysdeps/aarch64/stackinfo.h | 33 ----- sysdeps/arc/stackinfo.h | 33 ----- sysdeps/csky/stackinfo.h | 29 ---- sysdeps/generic/ldsodefs.h | 22 +-- sysdeps/generic/stackinfo.h | 15 ++- sysdeps/loongarch/stackinfo.h | 33 ----- sysdeps/mach/hurd/dl-execstack.c | 1 - sysdeps/nptl/pthreadP.h | 6 - sysdeps/powerpc/{ => powerpc32}/stackinfo.h | 8 +- sysdeps/riscv/stackinfo.h | 33 ----- sysdeps/unix/sysv/linux/Versions | 3 - sysdeps/unix/sysv/linux/dl-execstack.c | 67 +-------- sysdeps/unix/sysv/linux/mips/Makefile | 7 + 24 files changed, 187 insertions(+), 387 deletions(-) create mode 100644 elf/tst-execstack-prog-static.c delete mode 100644 sysdeps/aarch64/stackinfo.h delete mode 100644 sysdeps/arc/stackinfo.h delete mode 100644 sysdeps/csky/stackinfo.h delete mode 100644 sysdeps/loongarch/stackinfo.h rename sysdeps/powerpc/{ => powerpc32}/stackinfo.h (82%) delete mode 100644 sysdeps/riscv/stackinfo.h