riscv
/
glibc
mirror of https://gitee.com/Nocallback/glibc.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

rtld: Add glibc.rtld.enable_secure tunable. 

Add a tunable for setting __libc_enable_secure to 1.  Do not set
__libc_enable_secure to 0 if the tunable is set to 0.  Ignore all
tunables if glib.rtld.enable_secure is set.  One use-case for this
addition is to enable testing code paths that depend on
__libc_enable_secure being set without the need to use setxid binaries.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
master
Joe Simmons-Talbott 2 years ago
committed by Joe Talbott
parent
9b7091415a
commit
71648e8004
6 changed files with 151 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      NEWS
  2. 2
      elf/Makefile
  3. 11
      elf/dl-tunables.c
  4. 6
      elf/dl-tunables.list
  5. 1
      elf/tst-rtld-list-tunables.exp
  6. 126
      elf/tst-tunables-enable_secure.c

5
NEWS
View File

@ -103,6 +103,11 @@ Major new features:
exp, expf, exp10, exp10f, exp2, exp2f, expm1, expm1f, log, logf, exp, expf, exp10, exp10f, exp2, exp2f, expm1, expm1f, log, logf,
log10, log10f, log1p, log1pf, log2, log2f, sin, sinf, tan, tanf. log10, log10f, log1p, log1pf, log2, log2f, sin, sinf, tan, tanf.
* A new tunable, glibc.rtld.enable_secure, used to run a program
as if it were a setuid process. This is currently a testing tool to allow
more extensive verification tests for AT_SECURE programs and not meant to
be a security feature.
Deprecated and removed features, and other changes affecting compatibility: Deprecated and removed features, and other changes affecting compatibility:
* The ldconfig program now skips file names containing ';' or ending in * The ldconfig program now skips file names containing ';' or ending in

2
elf/Makefile
View File

@ -285,6 +285,7 @@ tests-static-internal := \
tst-tls1-static \ tst-tls1-static \
tst-tls1-static-non-pie \ tst-tls1-static-non-pie \
tst-tunables \ tst-tunables \
tst-tunables-enable_secure \
# tests-static-internal # tests-static-internal
CRT-tst-tls1-static-non-pie := $(csu-objpfx)crt1.o CRT-tst-tls1-static-non-pie := $(csu-objpfx)crt1.o
@ -2681,6 +2682,7 @@ $(objpfx)tst-glibc-hwcaps-mask.out: \
$(objpfx)tst-glibc-hwcaps-cache.out: $(objpfx)tst-glibc-hwcaps $(objpfx)tst-glibc-hwcaps-cache.out: $(objpfx)tst-glibc-hwcaps
tst-tunables-ARGS = -- $(host-test-program-cmd) tst-tunables-ARGS = -- $(host-test-program-cmd)
tst-tunables-enable_secure-ARGS = -- $(host-test-program-cmd)
$(objpfx)list-tunables.out: tst-rtld-list-tunables.sh $(objpfx)ld.so $(objpfx)list-tunables.out: tst-rtld-list-tunables.sh $(objpfx)ld.so
$(SHELL) $< $(objpfx)ld.so '$(test-wrapper-env)' \ $(SHELL) $< $(objpfx)ld.so '$(test-wrapper-env)' \

11
elf/dl-tunables.c
View File

@ -223,6 +223,17 @@ parse_tunables_string (const char *valstring, struct tunable_toset_t *tunables)
{ {
tunables[ntunables++] = tunables[ntunables++] =
(struct tunable_toset_t) { cur, value, p - value }; (struct tunable_toset_t) { cur, value, p - value };
/* Ignore tunables if enable_secure is set */
if (tunable_is_name ("glibc.rtld.enable_secure", name))
{
tunable_num_t val = (tunable_num_t) _dl_strtoul (value, NULL);
if (val == 1)
{
__libc_enable_secure = 1;
return 0;
}
}
break; break;
} }
} }

6
elf/dl-tunables.list
View File

@ -136,6 +136,12 @@ glibc {
minval: 0 minval: 0
default: 512 default: 512
} }
enable_secure {
type: INT_32
minval: 0
maxval: 1
default: 0
}
} }
mem { mem {

1
elf/tst-rtld-list-tunables.exp
View File

@ -12,5 +12,6 @@ glibc.malloc.tcache_unsorted_limit: 0x0 (min: 0x0, max: 0x[f]+)
glibc.malloc.top_pad: 0x20000 (min: 0x0, max: 0x[f]+) glibc.malloc.top_pad: 0x20000 (min: 0x0, max: 0x[f]+)
glibc.malloc.trim_threshold: 0x0 (min: 0x0, max: 0x[f]+) glibc.malloc.trim_threshold: 0x0 (min: 0x0, max: 0x[f]+)
glibc.rtld.dynamic_sort: 2 (min: 1, max: 2) glibc.rtld.dynamic_sort: 2 (min: 1, max: 2)
glibc.rtld.enable_secure: 0 (min: 0, max: 1)
glibc.rtld.nns: 0x4 (min: 0x1, max: 0x10) glibc.rtld.nns: 0x4 (min: 0x1, max: 0x10)
glibc.rtld.optional_static_tls: 0x200 (min: 0x0, max: 0x[f]+) glibc.rtld.optional_static_tls: 0x200 (min: 0x0, max: 0x[f]+)

126
elf/tst-tunables-enable_secure.c
View File

@ -0,0 +1,126 @@
/* Check GLIBC_TUNABLES parsing for enable_secure.
Copyright (C) 2024 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#include <array_length.h>
#include <dl-tunables.h>
#include <getopt.h>
#include <intprops.h>
#include <stdint.h>
#include <stdlib.h>
#include <support/capture_subprocess.h>
#include <support/check.h>
#include <sys/auxv.h>
#include <unistd.h>
static int restart;
#define CMDLINE_OPTIONS \
{ "restart", no_argument, &restart, 1 },
static const struct test_t
{
const char *env;
int32_t expected_malloc_check;
int32_t expected_enable_secure;
} tests[] =
{
/* Expected tunable format. */
/* Tunables should be ignored if enable_secure is set. */
{
"glibc.malloc.check=2:glibc.rtld.enable_secure=1",
0,
1,
},
/* Tunables should be ignored if enable_secure is set. */
{
"glibc.rtld.enable_secure=1:glibc.malloc.check=2",
0,
1,
},
/* Tunables should be set if enable_secure is unset. */
{
"glibc.rtld.enable_secure=0:glibc.malloc.check=2",
2,
0,
},
};
static int
handle_restart (int i)
{
if (tests[i].expected_enable_secure == 1)
{
TEST_COMPARE (1, __libc_enable_secure);
}
else
{
TEST_COMPARE (tests[i].expected_malloc_check,
TUNABLE_GET_FULL (glibc, malloc, check, int32_t, NULL));
TEST_COMPARE (tests[i].expected_enable_secure,
TUNABLE_GET_FULL (glibc, rtld, enable_secure, int32_t,
NULL));
}
return 0;
}
static int
do_test (int argc, char *argv[])
{
/* We must have either:
- One or four parameters left if called initially:
+ path to ld.so optional
+ "--library-path" optional
+ the library path optional
+ the application name
+ the test to check */
TEST_VERIFY_EXIT (argc == 2 || argc == 5);
if (restart)
return handle_restart (atoi (argv[1]));
char nteststr[INT_BUFSIZE_BOUND (int)];
char *spargv[10];
{
int i = 0;
for (; i < argc - 1; i++)
spargv[i] = argv[i + 1];
spargv[i++] = (char *) "--direct";
spargv[i++] = (char *) "--restart";
spargv[i++] = nteststr;
spargv[i] = NULL;
}
for (int i = 0; i < array_length (tests); i++)
{
snprintf (nteststr, sizeof nteststr, "%d", i);
printf ("[%d] Spawned test for %s\n", i, tests[i].env);
setenv ("GLIBC_TUNABLES", tests[i].env, 1);
struct support_capture_subprocess result
= support_capture_subprogram (spargv[0], spargv);
support_capture_subprocess_check (&result, "tst-tunables-enable_secure",
0, sc_allow_stderr);
support_capture_subprocess_free (&result);
}
return 0;
}
#define TEST_FUNCTION_ARGV do_test
#include <support/test-driver.c>
Write Preview
Loading…
Cancel
Save