This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/12492] New: dl: RELRO handling crashes when PaX kernel enforces MPROTECT restrictions
- From: "linkfanel at yahoo dot fr" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Tue, 15 Feb 2011 14:44:43 +0000
- Subject: [Bug libc/12492] New: dl: RELRO handling crashes when PaX kernel enforces MPROTECT restrictions
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=12492
Summary: dl: RELRO handling crashes when PaX kernel enforces
MPROTECT restrictions
Product: glibc
Version: 2.11
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: linkfanel@yahoo.fr
Created attachment 5242
--> http://sourceware.org/bugzilla/attachment.cgi?id=5242
Proposed fix
See Debian bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611195
When dlopen'ing a library that needs to make the stack executable, the RELRO
section is made writable again to modify the __stack_prot variable. However,
the return value of the mprotect() call is not checked; so if mprotect() fails,
instead of gracefully handling the error, the dynamic loader tries to write to
__stack_prot anyway, which results in a segmentation fault. And this mprotect()
call *will* fail on PaX kernels that enforce restrictions on it.
The simple fix is to check the return value and simply fail to load the
problematic library, instead of crashing the whole process. And it's just good
programming practice.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.