From patchwork Thu Nov 28 17:36:41 2024
X-Patchwork-Submitter: Adhemerval Zanella
X-Patchwork-Id: 845950
From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Cc: Florian Weimer
Subject: [PATCH v5 0/4] Improve executable stack handling
Date: Thu, 28 Nov 2024 14:36:41 -0300
Message-ID: <20241128173851.1920696-1-adhemerval.zanella@linaro.org>

If some shared library loaded with dlopen/dlmopen requires an executable
stack, either implicitly because of a missing GNU_STACK ELF header (where
the ABI default flags imply the executable bit) or explicitly because of
the executable bit from GNU_STACK, the loader will try to set both the
main thread and all thread stacks (from the pthread cache) as executable.

Besides the issue where any executable stack transition failure does not
undo the previous transitions (meaning that if the library fails to load,
there can be thread stacks with executable stacks), this behavior was used
in a recent CVE [1] as a vector for RCE.

The patchset changes the behavior so that if a shared library requires an
executable stack, and the current stack is not executable, dlopen fails.
The change is done only for dynamically loaded modules; if the program or
any dependency requires an executable stack, the loader will still change
the main thread before program execution and any thread created with
default stack configuration.

The patchset also adds a tunable, glibc.rtld.execstack, which can control
whether executable stacks are allowed from either the main program or
dependencies.
The default is to enable executable stacks. The default executable stack
permission is checked against the one provided by the PT_GNU_STACK from
program headers (if present). The tunable also disables the stack
permission change if any dependency requires an executable stack at
loading time.

[1] https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

---

Changes from v4:
- Rebased against master.
- Also adapt the new semantic for Hurd.
- Fixed the new tests to only run if make check is instructed to run the
  tests.

Changes from v3:
- Rebased against master.
- Improve the NEWS entry wording.

Changes from v2:
- Removed the dlopen executable stack support.
- Allow program and dependencies with executable stack as default.
- Rename tunable from glibc.rtld.noexecstack to glibc.rtld.execstack.

Changes from v1:
- Fixed tests invocation without --enable-hardcoded-path-in-tests.
- Added hurd, hppa, mips exceptions.

Adhemerval Zanella (4):
  elf: Consolidate stackinfo.h
  elf: Do not change stack permission on dlopen/dlmopen
  elf: Add tst-execstack-prog-static
  elf: Add glibc.rtld.execstack

 NEWS                                        |  11 ++
 elf/Makefile                                |  51 +++++++
 elf/dl-load.c                               |  15 ++-
 elf/dl-support.c                            |   9 +-
 elf/dl-tunables.list                        |   6 +
 elf/rtld.c                                  |  10 +-
 elf/tst-execstack-prog-static.c             |   1 +
 elf/tst-execstack.c                         | 142 ++++++++------------
 elf/tst-rtld-list-tunables.exp              |   1 +
 manual/tunables.texi                        |  19 +++
 nptl/allocatestack.c                        |  19 ---
 sysdeps/aarch64/stackinfo.h                 |  33 -----
 sysdeps/arc/stackinfo.h                     |  33 -----
 sysdeps/csky/stackinfo.h                    |  29 ----
 sysdeps/generic/ldsodefs.h                  |  22 +--
 sysdeps/generic/stackinfo.h                 |  15 ++-
 sysdeps/loongarch/stackinfo.h               |  33 -----
 sysdeps/mach/hurd/dl-execstack.c            |   1 -
 sysdeps/nptl/pthreadP.h                     |   6 -
 sysdeps/powerpc/{ => powerpc32}/stackinfo.h |   8 +-
 sysdeps/riscv/stackinfo.h                   |  33 -----
 sysdeps/unix/sysv/linux/Versions            |   3 -
 sysdeps/unix/sysv/linux/dl-execstack.c      |  67 +-------
 sysdeps/unix/sysv/linux/mips/Makefile       |   7 +
 24 files changed, 187 insertions(+), 387 deletions(-)
 create mode 100644 elf/tst-execstack-prog-static.c
 delete mode 100644 sysdeps/aarch64/stackinfo.h
 delete mode 100644 sysdeps/arc/stackinfo.h
 delete mode 100644 sysdeps/csky/stackinfo.h
 delete mode 100644 sysdeps/loongarch/stackinfo.h
 rename sysdeps/powerpc/{ => powerpc32}/stackinfo.h (82%)
 delete mode 100644 sysdeps/riscv/stackinfo.h
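Added example, not code from the patch series or from glibc: a small C check that applies the loader's rule described in the cover letter (PT_GNU_STACK with PF_X, or no PT_GNU_STACK at all on a port whose ABI default includes the executable bit) to an in-memory ELF64 image, so an auditor can tell which objects would now make dlopen fail. It assumes the ABI default for a missing PT_GNU_STACK is executable (true on x86, not on every port), handles only little-endian ELF64, and classifies a constructed image rather than a real file.

```c
#include <elf.h>      /* Elf64_* types, PT_GNU_STACK and PF_X from glibc */
#include <string.h>

enum { STACK_NOEXEC = 0, STACK_EXEC = 1, STACK_BAD = -1 };
/* Executable if PT_GNU_STACK carries PF_X, or if PT_GNU_STACK is absent and
   the ABI default includes PF_X (assumed here, as on x86; the real default
   is per port).  Little-endian ELF64 only; malformed input is STACK_BAD.  */
int elf_needs_execstack(const unsigned char *buf, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh)
        return STACK_BAD;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64
        || eh.e_ident[EI_DATA] != ELFDATA2LSB || eh.e_phentsize != sizeof (Elf64_Phdr))
        return STACK_BAD;
    /* Bounds-check the program header table before walking it.  */
    if (eh.e_phoff > len || eh.e_phnum > (len - eh.e_phoff) / sizeof (Elf64_Phdr))
        return STACK_BAD;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, buf + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_GNU_STACK)
            return (ph.p_flags & PF_X) ? STACK_EXEC : STACK_NOEXEC;
    }
    return STACK_EXEC; /* no PT_GNU_STACK: assumed-executable ABI default */
}

/* Constructed input: a minimal ELF64 header plus, optionally, one PT_GNU_STACK
   entry with FLAGS; LIMIT > 0 truncates the image to mimic a short file.  */
int classify_constructed(int with_gnu_stack, unsigned flags, size_t limit)
{
    unsigned char img[sizeof (Elf64_Ehdr) + sizeof (Elf64_Phdr)];
    Elf64_Ehdr eh = {0};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof (Elf64_Phdr);
    eh.e_phnum = with_gnu_stack ? 1 : 0;
    memcpy(img, &eh, sizeof eh);
    size_t n = sizeof eh;
    if (with_gnu_stack) {
        Elf64_Phdr ph = { .p_type = PT_GNU_STACK, .p_flags = flags };
        memcpy(img + n, &ph, sizeof ph);
        n += sizeof ph;
    }
    return elf_needs_execstack(img, limit && limit < n ? limit : n);
}
```

On a real file, read it into a buffer and call elf_needs_execstack() directly; objects that return STACK_EXEC are the ones whose dlopen the series now rejects when the calling stack is non-executable.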