From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Cc: Florian Weimer, Adhemerval Zanella
Subject: [PATCH v6 0/3] Improve executable stack handling
Date: Mon, 23 Dec 2024 11:49:10 -0300
Message-ID: <20241223144954.3823971-1-adhemerval.zanella@linaro.org>

If some shared library loaded with dlopen/dlmopen requires an executable
stack, either implicitly because of a missing GNU_STACK ELF header (where
the ABI default flags imply the executable bit) or explicitly because of
the executable bit from GNU_STACK, the loader will try to set both the
main thread stack and all thread stacks (from the pthread cache) as
executable.

Besides the issue where any executable stack transition failure does not
undo the previous transitions (meaning that if the library fails to load,
there can be thread stacks with executable stacks), this behavior was
used in a recent CVE [1] as a vector for RCE.

The patchset changes the behavior so that if a shared library requires an
executable stack, and the current stack is not executable, dlopen fails.
The change is done only for dynamically loaded modules; if the program or
any dependency requires an executable stack, the loader will still change
the main thread before program execution and any thread created with the
default stack configuration.

The patchset also adds a tunable, glibc.rtld.execstack, which can control
whether executable stacks are allowed from either the main program or
dependencies. The default is to enable executable stacks. The executable
stack default permission is checked against the one provided by the
PT_GNU_STACK from program headers (if present). The tunable also disables
the stack permission change if any dependency requires an executable
stack at loading time.

[1] https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

---
Changes from v5:
- Rebased against master.

Changes from v4:
- Rebased against master.
- Also adapt the new semantic for Hurd.
- Fixed the new tests to only run if make check is instructed to run the
  tests.

Changes from v3:
- Rebased against master.
- Improve the NEWS entry wording.

Changes from v2:
- Removed the dlopen executable stack support.
- Allow program and dependencies with executable stack as default.
- Rename tunable from glibc.rtld.noexecstack to glibc.rtld.execstack.

Changes from v1:
- Fixed tests invocation without --enable-hardcoded-path-in-tests.
- Added hurd, hppa, mips exceptions.

Adhemerval Zanella (4):
  elf: Consolidate stackinfo.h
  elf: Do not change stack permission on dlopen/dlmopen
  elf: Add tst-execstack-prog-static
  elf: Add glibc.rtld.execstack

Adhemerval Zanella (3):
  elf: Do not change stack permission on dlopen/dlmopen
  elf: Add tst-execstack-prog-static
  elf: Add glibc.rtld.execstack

 NEWS                                   |  11 ++
 elf/Makefile                           |  51 +++++++++
 elf/dl-load.c                          |  15 +--
 elf/dl-support.c                       |   9 +-
 elf/dl-tunables.list                   |   6 ++
 elf/rtld.c                             |  10 +-
 elf/tst-execstack-prog-static.c        |   1 +
 elf/tst-execstack.c                    | 142 ++++++++++--------------
 elf/tst-rtld-list-tunables.exp         |   1 +
 manual/tunables.texi                   |  19 ++++
 nptl/allocatestack.c                   |  19 ----
 sysdeps/generic/ldsodefs.h             |  22 +---
 sysdeps/mach/hurd/dl-execstack.c       |   1 -
 sysdeps/nptl/pthreadP.h                |   6 --
 sysdeps/unix/sysv/linux/Versions       |   3 -
 sysdeps/unix/sysv/linux/dl-execstack.c |  67 +----------
 sysdeps/unix/sysv/linux/mips/Makefile  |   7 ++
 17 files changed, 174 insertions(+), 216 deletions(-)
 create mode 100644 elf/tst-execstack-prog-static.c
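The cover letter's rule for deciding whether an object demands an executable stack (no PT_GNU_STACK program header means the ABI default applies, which on the targets discussed implies the executable bit; otherwise PF_X in the header's p_flags decides) can be applied from userspace to every object already mapped in a process. The program below is an added example written for this page, not code from the glibc patch set. It assumes a Linux/glibc host where dl_iterate_phdr and the ElfW() macro from <link.h> are available, and it follows the letter's "missing header implies executable" reading rather than any per-target default table in glibc. The stack_needs_exec() classifier is exercised on constructed program header tables; main() runs it over the live process so an operator can see which loaded objects would trigger the permission change described above.

```c
/* Added example (not part of the glibc patch set): classify the stack
   requirement an ELF object declares through PT_GNU_STACK, then apply the
   same check to every object mapped in the running process.  Assumes
   Linux/glibc (dl_iterate_phdr, ElfW() from <link.h>).  */
#define _GNU_SOURCE
#include <elf.h>
#include <link.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if an object with these program headers needs an executable
   stack, 0 if it declares a non-executable stack.  A missing PT_GNU_STACK
   is treated as "executable", the ABI-default reading the cover letter
   describes (an assumption for this example; glibc's real default is
   target specific).  */
int stack_needs_exec(const ElfW(Phdr) *phdr, size_t phnum)
{
    for (size_t i = 0; i < phnum; i++)
        if (phdr[i].p_type == PT_GNU_STACK)
            return (phdr[i].p_flags & PF_X) != 0;
    return 1;
}

/* Build a constructed two-entry program header table (one PT_LOAD plus an
   optional PT_GNU_STACK carrying stack_flags) and classify it.  This is
   test scaffolding, not something read from a real file.  */
int classify_constructed(int with_gnu_stack, ElfW(Word) stack_flags)
{
    ElfW(Phdr) ph[2];
    memset(ph, 0, sizeof ph);
    ph[0].p_type = PT_LOAD;
    ph[0].p_flags = PF_R | PF_X;
    size_t n = 1;
    if (with_gnu_stack) {
        ph[1].p_type = PT_GNU_STACK;
        ph[1].p_flags = stack_flags;
        n = 2;
    }
    return stack_needs_exec(ph, n);
}

/* dl_iterate_phdr callback: print each mapped object's requirement and
   count the ones that need an executable stack.  */
static int report_object(struct dl_phdr_info *info, size_t size, void *data)
{
    (void)size;
    int needs = stack_needs_exec(info->dlpi_phdr, info->dlpi_phnum);
    const char *name = info->dlpi_name[0] ? info->dlpi_name : "(main program)";
    printf("%-50s stack: %s\n", name, needs ? "EXEC" : "noexec");
    if (needs)
        (*(int *)data)++;
    return 0;
}

/* Count objects in the current process whose headers require an executable
   stack; 0 means every mapped object declares a non-executable stack.  */
int count_execstack_objects(void)
{
    int count = 0;
    dl_iterate_phdr(report_object, &count);
    return count;
}

int main(void)
{
    int n = count_execstack_objects();
    printf("%d object(s) require an executable stack\n", n);
    return n ? 1 : 0;
}
```

Build with `cc -o execstack-audit execstack-audit.c` and run it inside the process image you care about (or link it into a test harness) to see which mapped objects carry PF_X in PT_GNU_STACK or lack the header altogether; with the patch set applied, such an object is exactly the kind whose dlopen would now fail when the current stack is non-executable.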