diff options
author | Rich Felker <dalias@aerifal.cx> | 2017-03-14 18:51:27 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2017-03-14 18:51:27 -0400 |
commit | c49d3c8adadfa24235fcf4779bb722b1aa6f480b (patch) | |
tree | 7468c28a96271cef0c3dfa5d451594f0a0600423 | |
parent | 3ec8b3aeb88cef8574a7b0f677ebc1801f03821d (diff) | |
download | musl-c49d3c8adadfa24235fcf4779bb722b1aa6f480b.tar.gz musl-c49d3c8adadfa24235fcf4779bb722b1aa6f480b.tar.bz2 musl-c49d3c8adadfa24235fcf4779bb722b1aa6f480b.tar.xz musl-c49d3c8adadfa24235fcf4779bb722b1aa6f480b.zip |
avoid loading of multiple libc versions via explicit pathname
such loading is unsafe, and can happen when programs use their own
logic to locate a .so file then pass the absolute pathname to dlopen,
or if an absolute pathname ends up in DT_NEEDED headers. multiple
loads with only the base name were already precluded, provided libc
was named appropriately, by special-casing standard library names.
one function symbol (in the reserved namespace, but public, since it's
part of the crt1 entry point ABI) and one data symbol are checked.
this way we avoid likely false positives, particularly from libraries
interposing and wrapping functions. there is no hard requirement to
avoid breaking such usage, since trying to run a hook before libc is
even initialized is not a supported usage case, but it's friendlier
not to break things.
-rw-r--r-- | ldso/dynlink.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/ldso/dynlink.c b/ldso/dynlink.c index f8db1f82..80d85e94 100644 --- a/ldso/dynlink.c +++ b/ldso/dynlink.c @@ -1042,6 +1042,17 @@ static struct dso *load_library(const char *name, struct dso *needed_by) close(fd); if (!map) return 0; + /* Avoid the danger of getting two versions of libc mapped into the + * same process when an absolute pathname was used. The symbols + * checked are chosen to catch both musl and glibc, and to avoid + * false positives from interposition-hack libraries. */ + decode_dyn(&temp_dso); + if (find_sym(&temp_dso, "__libc_start_main", 1).sym && + find_sym(&temp_dso, "stdin", 1).sym) { + unmap_library(&temp_dso); + return load_library("libc.so", needed_by); + } + /* Allocate storage for the new DSO. When there is TLS, this * storage must include a reservation for all pre-existing * threads to obtain copies of both the new TLS, and an @@ -1061,7 +1072,6 @@ static struct dso *load_library(const char *name, struct dso *needed_by) return 0; } memcpy(p, &temp_dso, sizeof temp_dso); - decode_dyn(p); p->dev = st.st_dev; p->ino = st.st_ino; p->refcnt = 1; |