Re: [PATCH] Don't all __access_noerrno with stack protector from __tunables_init [BZ #21744]

["H.J. Lu" <hjl dot tools at gmail dot com>]

On Mon, Jul 17, 2017 at 1:32 PM, Adhemerval Zanella
<adhemerval.zanella@linaro.org> wrote:
>
>
> On 16/07/2017 16:19, H.J. Lu wrote:
>> maybe_enable_malloc_check, which is called by __tunables_init, call
>> __access_noerrno.  It isn't problem when maybe_enable_malloc_check is
>> is in ld.so, which has a special version of __access_noerrno without
>> stack protector.  But when glibc is built with stack protector,
>> maybe_enable_malloc_check in libc.a can't call the regular version of
>> __access_noerrno with stack protector.
>>
>> This patch changes maybe_enable_malloc_check to call _dl_access_noerrno
>> instead.  For ld.so or glibc built without stack protector, it is defined
>> to __access_noerrno.  Otherwise a special version of __access_noerrno
>> without stack protector is used by maybe_enable_malloc_check in libc.a.
>>
>> Tested on x86-64 with and without --enable-stack-protector=all.
>>
>
> I think a much more simpler solution would be just to inline the access
> call on 'maybe_enable_malloc_check':
>
> diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
> index 44c160c..e6db258 100644
> --- a/elf/dl-tunables.c
> +++ b/elf/dl-tunables.c
> @@ -281,7 +281,8 @@ __always_inline
>  maybe_enable_malloc_check (void)
>  {
>    tunable_id_t id = TUNABLE_ENUM_NAME (glibc, malloc, check);
> -  if (__libc_enable_secure && __access_noerrno ("/etc/suid-debug", F_OK) == 0)
> +  if (__libc_enable_secure
> +      && INTERNAL_SYSCALL_CALL (access, "/etc/suid-debug", F_OK) == 0)
>      tunable_list[id].security_level = TUNABLE_SECLEVEL_NONE;
>  }
>
> We can cleanup the non required access_noerro later.
>

I don't think it works for Hurd.

-- 
H.J.