elf: Refuse to dlopen PIE objects [BZ #24323]

Another executable has already been mapped, so the dynamic linker cannot perform relocations correctly for the second executable. (cherry picked from commit 2c75b545de) (test omitted due to indirect dependency on test-in-container)
2024-11-23 17:53:37 +08:00 · 2019-11-01 15:41:30 -04:00 · 2019-11-01 15:41:30 -04:00 · 59991bf48a
commit 59991bf48a
parent cef4c840a8
3 changed files with 22 additions and 5 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+2019-06-18  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #24323]
+	* include/elf.h (DT_1_SUPPORTED_MASK): Include DF_1_PIE.
+	* elf/dl-load.c (_dl_map_object_from_fd): Check for DF_1_PIE and
+	fail when called from dlopen.
+
 2019-07-10  DJ Delorie  <dj@redhat.com>
 	    Sergei Trofimovich <slyfox@inbox.ru>

--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@ -1173,6 +1173,10 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
 	goto call_lose;
      }

+    /* dlopen of an executable is not valid because it is not possible
+       to perform proper relocations, handle static TLS, or run the
+       ELF constructors.  For PIE, the check needs the dynamic
+       section, so there is another check below.  */
    if (__glibc_unlikely (type != ET_DYN)
 	&& __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0))
      {
@ -1209,9 +1213,11 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
  elf_get_dynamic_info (l, NULL);

  /* Make sure we are not dlopen'ing an object that has the
-     DF_1_NOOPEN flag set.  */
-  if (__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN)
-      && (mode & __RTLD_DLOPEN))
+     DF_1_NOOPEN flag set, or a PIE object.  */
+  if ((__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN)
+       && (mode & __RTLD_DLOPEN))
+      || (__glibc_unlikely (l->l_flags_1 & DF_1_PIE)
+	  && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0)))
    {
      /* We are not supposed to load this object.  Free all resources.  */
      _dl_unmap_segments (l);
@ -1222,7 +1228,11 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
      if (l->l_phdr_allocated)
 	free ((void *) l->l_phdr);

-      errstring = N_("shared object cannot be dlopen()ed");
+      if (l->l_flags_1 & DF_1_PIE)
+	errstring
+	  = N_("cannot dynamically load position-independent executable");
+      else
+	errstring = N_("shared object cannot be dlopen()ed");
      goto call_lose;
    }

--- a/include/elf.h
+++ b/include/elf.h
@ -23,7 +23,7 @@
 # endif
 # define DT_1_SUPPORTED_MASK \
   (DF_1_NOW | DF_1_NODELETE | DF_1_INITFIRST | DF_1_NOOPEN \
-    | DF_1_ORIGIN | DF_1_NODEFLIB)
+    | DF_1_ORIGIN | DF_1_NODEFLIB | DF_1_PIE)

 #endif /* !_ISOMAC */
 #endif /* elf.h */