From owner-svn-src-stable@freebsd.org  Tue Jun  9 09:04:58 2020
Return-Path: <owner-svn-src-stable@freebsd.org>
Delivered-To: svn-src-stable@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6CCA934E2B0;
 Tue,  9 Jun 2020 09:04:58 +0000 (UTC) (envelope-from kib@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 49h42L2Lf5z44jx;
 Tue,  9 Jun 2020 09:04:58 +0000 (UTC) (envelope-from kib@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4952B133AB;
 Tue,  9 Jun 2020 09:04:58 +0000 (UTC) (envelope-from kib@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 05994wb1022789;
 Tue, 9 Jun 2020 09:04:58 GMT (envelope-from kib@FreeBSD.org)
Received: (from kib@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 05994v4H022787;
 Tue, 9 Jun 2020 09:04:57 GMT (envelope-from kib@FreeBSD.org)
Message-Id: <202006090904.05994v4H022787@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: kib set sender to kib@FreeBSD.org
 using -f
From: Konstantin Belousov <kib@FreeBSD.org>
Date: Tue, 9 Jun 2020 09:04:57 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject: svn commit: r361963 - stable/12/libexec/rtld-elf
X-SVN-Group: stable-12
X-SVN-Commit-Author: kib
X-SVN-Commit-Paths: stable/12/libexec/rtld-elf
X-SVN-Commit-Revision: 361963
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: SVN commit messages for all the -stable branches of the src tree
 <svn-src-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable>, 
 <mailto:svn-src-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable/>
List-Post: <mailto:svn-src-stable@freebsd.org>
List-Help: <mailto:svn-src-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable>,
 <mailto:svn-src-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2020 09:04:58 -0000

Author: kib
Date: Tue Jun  9 09:04:57 2020
New Revision: 361963
URL: https://svnweb.freebsd.org/changeset/base/361963

Log:
  MFC r361725, r361728:
  Do not allow to load ET_DYN object with DF_1_PIE flag set.

Modified:
  stable/12/libexec/rtld-elf/rtld.c
  stable/12/libexec/rtld-elf/rtld.h
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/libexec/rtld-elf/rtld.c
==============================================================================
--- stable/12/libexec/rtld-elf/rtld.c	Tue Jun  9 07:07:29 2020	(r361962)
+++ stable/12/libexec/rtld-elf/rtld.c	Tue Jun  9 09:04:57 2020	(r361963)
@@ -1321,6 +1321,8 @@ digest_dynamic1(Obj_Entry *obj, int early, const Elf_D
 		    obj->z_interpose = true;
 		if (dynp->d_un.d_val & DF_1_NODEFLIB)
 		    obj->z_nodeflib = true;
+		if (dynp->d_un.d_val & DF_1_PIE)
+		    obj->z_pie = true;
 	    break;
 
 	default:
@@ -2533,6 +2535,10 @@ do_load_object(int fd, const char *name, char *path, s
     obj->path = path;
     if (!digest_dynamic(obj, 0))
 	goto errp;
+    if (obj->z_pie) {
+	_rtld_error("Cannot load PIE binary %s as DSO", obj->path);
+	goto errp;
+    }
     dbg("%s valid_hash_sysv %d valid_hash_gnu %d dynsymcount %d", obj->path,
 	obj->valid_hash_sysv, obj->valid_hash_gnu, obj->dynsymcount);
     if (obj->z_noopen && (flags & (RTLD_LO_DLOPEN | RTLD_LO_TRACE)) ==

Modified: stable/12/libexec/rtld-elf/rtld.h
==============================================================================
--- stable/12/libexec/rtld-elf/rtld.h	Tue Jun  9 07:07:29 2020	(r361962)
+++ stable/12/libexec/rtld-elf/rtld.h	Tue Jun  9 09:04:57 2020	(r361963)
@@ -258,6 +258,7 @@ typedef struct Struct_Obj_Entry {
     bool z_interpose : 1;	/* Interpose all objects but main */
     bool z_nodeflib : 1;	/* Don't search default library path */
     bool z_global : 1;		/* Make the object global */
+    bool z_pie : 1;		/* Object proclaimed itself PIE executable */
     bool static_tls : 1;	/* Needs static TLS allocation */
     bool static_tls_copied : 1;	/* Needs static TLS copying */
     bool ref_nodel : 1;		/* Refcount increased to prevent dlclose */