This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.20-84-g6bc6bd3
- From: jsm28 at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 10 Oct 2014 11:13:34 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.20-84-g6bc6bd3
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 6bc6bd3b10e6c2fd4c656647aa643919b0519825 (commit)
from b8c80a7e0da28b6e94411ce7d589d2b09674b4b9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6bc6bd3b10e6c2fd4c656647aa643919b0519825
commit 6bc6bd3b10e6c2fd4c656647aa643919b0519825
Author: Joseph Myers <joseph@codesourcery.com>
Date: Fri Oct 10 11:13:11 2014 +0000
Don't use INTVARDEF/INTUSE with __libc_enable_secure (bug 14132).
Continuing the removal of the obsolete INTDEF / INTVARDEF / INTUSE
mechanism, this patch replaces its use for __libc_enable_secure with
the use of rtld_hidden_data_def and rtld_hidden_proto.
Tested for x86_64 that installed stripped shared libraries are
unchanged by the patch.
[BZ #14132]
* elf/dl-sysdep.c (__libc_enable_secure): Use rtld_hidden_data_def
instead of INTVARDEF.
(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
* sysdeps/mach/hurd/dl-sysdep.c (__libc_enable_secure): Use
rtld_hidden_data_def instead of INTVARDEF.
(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
* elf/dl-deps.c (expand_dst): Likewise.
* elf/dl-load.c (_dl_dst_count): Likewise.
(_dl_dst_substitute): Likewise.
(decompose_rpath): Likewise.
(_dl_init_paths): Likewise.
(open_path): Likewise.
(_dl_map_object): Likewise.
* elf/rtld.c (dl_main): Likewise.
(process_dl_audit): Likewise.
(process_envvars): Likewise.
* include/unistd.h [IS_IN_rtld] (__libc_enable_secure_internal):
Remove declaration.
(__libc_enable_secure): Use rtld_hidden_proto.
diff --git a/ChangeLog b/ChangeLog
index f0d3d57..86dc991 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,26 @@
+2014-10-10 Joseph Myers <joseph@codesourcery.com>
+
+ [BZ #14132]
+ * elf/dl-sysdep.c (__libc_enable_secure): Use rtld_hidden_data_def
+ instead of INTVARDEF.
+ (_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
+ * sysdeps/mach/hurd/dl-sysdep.c (__libc_enable_secure): Use
+ rtld_hidden_data_def instead of INTVARDEF.
+ (_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
+ * elf/dl-deps.c (expand_dst): Likewise.
+ * elf/dl-load.c (_dl_dst_count): Likewise.
+ (_dl_dst_substitute): Likewise.
+ (decompose_rpath): Likewise.
+ (_dl_init_paths): Likewise.
+ (open_path): Likewise.
+ (_dl_map_object): Likewise.
+ * elf/rtld.c (dl_main): Likewise.
+ (process_dl_audit): Likewise.
+ (process_envvars): Likewise.
+ * include/unistd.h [IS_IN_rtld] (__libc_enable_secure_internal):
+ Remove declaration.
+ (__libc_enable_secure): Use rtld_hidden_proto.
+
2014-10-09 Kostya Serebryany <konstantin.s.serebryany@gmail.com>
* elf/dl-load.c
diff --git a/elf/dl-deps.c b/elf/dl-deps.c
index f66b266..b34039c 100644
--- a/elf/dl-deps.c
+++ b/elf/dl-deps.c
@@ -108,7 +108,7 @@ struct list
char *__newp; \
\
/* DST must not appear in SUID/SGID programs. */ \
- if (INTUSE(__libc_enable_secure)) \
+ if (__libc_enable_secure) \
_dl_signal_error (0, __str, NULL, N_("\
DST not allowed in SUID/SGID programs")); \
\
diff --git a/elf/dl-load.c b/elf/dl-load.c
index fde7137..9dd40e3 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -262,7 +262,7 @@ _dl_dst_count (const char *name, int is_path)
is $ORIGIN alone) and it must always appear first in path. */
++name;
if ((len = is_dst (start, name, "ORIGIN", is_path,
- INTUSE(__libc_enable_secure))) != 0
+ __libc_enable_secure)) != 0
|| (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
|| (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
++cnt;
@@ -298,10 +298,10 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
++name;
if ((len = is_dst (start, name, "ORIGIN", is_path,
- INTUSE(__libc_enable_secure))) != 0)
+ __libc_enable_secure)) != 0)
{
repl = l->l_origin;
- check_for_trusted = (INTUSE(__libc_enable_secure)
+ check_for_trusted = (__libc_enable_secure
&& l->l_type == lt_executable);
}
else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
@@ -563,7 +563,7 @@ decompose_rpath (struct r_search_path_struct *sps,
/* First see whether we must forget the RUNPATH and RPATH from this
object. */
if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL)
- && !INTUSE(__libc_enable_secure))
+ && !__libc_enable_secure)
{
const char *inhp = GLRO(dl_inhibit_rpath);
@@ -828,7 +828,7 @@ _dl_init_paths (const char *llp)
}
(void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
- INTUSE(__libc_enable_secure), "LD_LIBRARY_PATH",
+ __libc_enable_secure, "LD_LIBRARY_PATH",
NULL, l);
if (env_path_list.dirs[0] == NULL)
@@ -1842,7 +1842,7 @@ open_path (const char *name, size_t namelen, int mode,
here_any |= this_dir->status[cnt] != nonexisting;
if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE)
- && INTUSE(__libc_enable_secure))
+ && __libc_enable_secure)
{
/* This is an extra security effort to make sure nobody can
preload broken shared objects which are in the trusted
@@ -2054,7 +2054,7 @@ _dl_map_object (struct link_map *loader, const char *name,
#ifdef USE_LDCONFIG
if (fd == -1
&& (__glibc_likely ((mode & __RTLD_SECURE) == 0)
- || ! INTUSE(__libc_enable_secure))
+ || ! __libc_enable_secure)
&& __glibc_likely (GLRO(dl_inhibit_cache) == 0))
{
/* Check the list of libraries in the file /etc/ld.so.cache,
diff --git a/elf/dl-sysdep.c b/elf/dl-sysdep.c
index d8cdb7e..d1a2bd2 100644
--- a/elf/dl-sysdep.c
+++ b/elf/dl-sysdep.c
@@ -54,7 +54,7 @@ extern void __libc_check_standard_fds (void);
ElfW(Addr) _dl_base_addr;
#endif
int __libc_enable_secure attribute_relro = 0;
-INTVARDEF(__libc_enable_secure)
+rtld_hidden_data_def (__libc_enable_secure)
int __libc_multiple_libcs = 0; /* Defining this here avoids the inclusion
of init-first. */
/* This variable contains the lowest stack address ever used. */
@@ -148,7 +148,7 @@ _dl_sysdep_start (void **start_argptr,
#ifndef HAVE_AUX_SECURE
seen = -1;
#endif
- INTUSE(__libc_enable_secure) = av->a_un.a_val;
+ __libc_enable_secure = av->a_un.a_val;
break;
case AT_PLATFORM:
GLRO(dl_platform) = (void *) av->a_un.a_val;
@@ -199,7 +199,7 @@ _dl_sysdep_start (void **start_argptr,
/* If one of the two pairs of IDs does not match this is a setuid
or setgid run. */
- INTUSE(__libc_enable_secure) = uid | gid;
+ __libc_enable_secure = uid | gid;
}
#endif
@@ -243,7 +243,7 @@ _dl_sysdep_start (void **start_argptr,
/* If this is a SUID program we make sure that FDs 0, 1, and 2 are
allocated. If necessary we are doing it ourself. If it is not
possible we stop the program. */
- if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
+ if (__builtin_expect (__libc_enable_secure, 0))
__libc_check_standard_fds ();
(*dl_main) (phdr, phnum, &user_entry, GLRO(dl_auxv));
diff --git a/elf/rtld.c b/elf/rtld.c
index d5cace8..d5e007f 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -1498,7 +1498,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
/* Prevent optimizing strsep. Speed is not important here. */
while ((p = (strsep) (&list, " :")) != NULL)
if (p[0] != '\0'
- && (__builtin_expect (! INTUSE(__libc_enable_secure), 1)
+ && (__builtin_expect (! __libc_enable_secure, 1)
|| strchr (p, '/') == NULL))
npreloads += do_preload (p, main_map, "LD_PRELOAD");
@@ -2318,7 +2318,7 @@ process_dl_audit (char *str)
while ((p = (strsep) (&str, ":")) != NULL)
if (p[0] != '\0'
- && (__builtin_expect (! INTUSE(__libc_enable_secure), 1)
+ && (__builtin_expect (! __libc_enable_secure, 1)
|| strchr (p, '/') == NULL))
{
/* This is using the local malloc, not the system malloc. The
@@ -2352,7 +2352,7 @@ process_envvars (enum mode *modep)
/* This is the default place for profiling data file. */
GLRO(dl_profile_output)
- = &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0];
+ = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
{
@@ -2420,7 +2420,7 @@ process_envvars (enum mode *modep)
case 9:
/* Test whether we want to see the content of the auxiliary
array passed up from the kernel. */
- if (!INTUSE(__libc_enable_secure)
+ if (!__libc_enable_secure
&& memcmp (envline, "SHOW_AUXV", 9) == 0)
_dl_show_auxv ();
break;
@@ -2434,7 +2434,7 @@ process_envvars (enum mode *modep)
case 11:
/* Path where the binary is found. */
- if (!INTUSE(__libc_enable_secure)
+ if (!__libc_enable_secure
&& memcmp (envline, "ORIGIN_PATH", 11) == 0)
GLRO(dl_origin_path) = &envline[12];
break;
@@ -2454,7 +2454,7 @@ process_envvars (enum mode *modep)
break;
}
- if (!INTUSE(__libc_enable_secure)
+ if (!__libc_enable_secure
&& memcmp (envline, "DYNAMIC_WEAK", 12) == 0)
GLRO(dl_dynamic_weak) = 1;
break;
@@ -2465,7 +2465,7 @@ process_envvars (enum mode *modep)
#ifdef EXTRA_LD_ENVVARS_13
EXTRA_LD_ENVVARS_13
#endif
- if (!INTUSE(__libc_enable_secure)
+ if (!__libc_enable_secure
&& memcmp (envline, "USE_LOAD_BIAS", 13) == 0)
{
GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;
@@ -2478,7 +2478,7 @@ process_envvars (enum mode *modep)
case 14:
/* Where to place the profiling data file. */
- if (!INTUSE(__libc_enable_secure)
+ if (!__libc_enable_secure
&& memcmp (envline, "PROFILE_OUTPUT", 14) == 0
&& envline[15] != '\0')
GLRO(dl_profile_output) = &envline[15];
@@ -2516,7 +2516,7 @@ process_envvars (enum mode *modep)
/* Extra security for SUID binaries. Remove all dangerous environment
variables. */
- if (__builtin_expect (INTUSE(__libc_enable_secure), 0))
+ if (__builtin_expect (__libc_enable_secure, 0))
{
static const char unsecure_envvars[] =
#ifdef EXTRA_UNSECURE_ENVVARS
diff --git a/include/unistd.h b/include/unistd.h
index 5a016b1..762acc0 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -151,10 +151,7 @@ libc_hidden_proto (__sbrk)
environment variables that normally affect them. */
extern int __libc_enable_secure attribute_relro;
extern int __libc_enable_secure_decided;
-#ifdef IS_IN_rtld
-/* XXX The #ifdef should go. */
-extern int __libc_enable_secure_internal attribute_relro attribute_hidden;
-#endif
+rtld_hidden_proto (__libc_enable_secure)
/* Various internal function. */
diff --git a/sysdeps/mach/hurd/dl-sysdep.c b/sysdeps/mach/hurd/dl-sysdep.c
index 7f79d1a..5de3857 100644
--- a/sysdeps/mach/hurd/dl-sysdep.c
+++ b/sysdeps/mach/hurd/dl-sysdep.c
@@ -51,7 +51,7 @@ extern char **_dl_argv;
extern char **_environ;
int __libc_enable_secure = 0;
-INTVARDEF(__libc_enable_secure)
+rtld_hidden_data_def (__libc_enable_secure)
int __libc_multiple_libcs = 0; /* Defining this here avoids the inclusion
of init-first. */
/* This variable contains the lowest stack address ever used. */
@@ -140,7 +140,7 @@ _dl_sysdep_start (void **start_argptr,
else
_dl_hurd_data = (void *) p;
- INTUSE(__libc_enable_secure) = _dl_hurd_data->flags & EXEC_SECURE;
+ __libc_enable_secure = _dl_hurd_data->flags & EXEC_SECURE;
if (_dl_hurd_data->flags & EXEC_STACK_ARGS &&
_dl_hurd_data->user_entry == 0)
@@ -220,7 +220,7 @@ unfmh(); /* XXX */
environment list.
We use memmove, since the locations might overlap. */
- if (INTUSE(__libc_enable_secure) || _dl_skip_args)
+ if (__libc_enable_secure || _dl_skip_args)
{
char **newp;
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 23 +++++++++++++++++++++++
elf/dl-deps.c | 2 +-
elf/dl-load.c | 14 +++++++-------
elf/dl-sysdep.c | 8 ++++----
elf/rtld.c | 18 +++++++++---------
include/unistd.h | 5 +----
sysdeps/mach/hurd/dl-sysdep.c | 6 +++---
7 files changed, 48 insertions(+), 28 deletions(-)
hooks/post-receive
--
GNU C Library master sources