HBSD: Remove changes that cause ABI breakage

In order to provide a smooth transition, remove support for shared library load order randomization. This also removes the ABI breakage (the ELF auxvec) to allow per-application opt-in of shlibrandom. Signed-off-by: Shawn Webb <shawn@opnsense.org>
2026-06-11 01:30:30 -04:00 · 2018-10-05 16:19:21 -04:00 · 2018-10-05 16:19:21 -04:00 · 0c60df5d32
commit 0c60df5d32
parent 12706d45cb
12 changed files with 8 additions and 94 deletions
--- a/libexec/rtld-elf/Makefile
+++ b/libexec/rtld-elf/Makefile
@ -89,10 +89,6 @@ beforeinstall:
 SUBDIR+=	tests
 .endif

-.if ${MK_SHLIBRANDOM} != "no"
-CFLAGS+=	-DSHLIBRANDOM
-.endif
-
 NOPIE=	yes

 .include <bsd.prog.mk>
--- a/libexec/rtld-elf/rtld.c
+++ b/libexec/rtld-elf/rtld.c
@ -114,9 +114,6 @@ static void initlist_add_objects(Obj_Entry *, Obj_Entry *, Objlist *);
 static void linkmap_add(Obj_Entry *);
 static void linkmap_delete(Obj_Entry *);
 static void load_filtees(Obj_Entry *, int flags, RtldLockState *);
-#if defined(HARDENEDBSD) && defined(SHLIBRANDOM)
-static void randomize_neededs(Obj_Entry *obj, int flags);
-#endif
 static void unload_filtees(Obj_Entry *, RtldLockState *);
 static int load_needed_objects(Obj_Entry *, int);
 static int load_preload_objects(void);
@ -215,10 +212,6 @@ static Obj_Entry obj_rtld;	/* The dynamic linker shared object */
 static unsigned int obj_count;	/* Number of objects in obj_list */
 static unsigned int obj_loads;	/* Number of loads of objects (gen count) */

-#ifdef HARDENEDBSD
-static Elf_Word pax_flags = 0;	/* PaX / HardenedBSD flags */
-#endif
-
 static Objlist list_global =	/* Objects dlopened with RTLD_GLOBAL */
  STAILQ_HEAD_INITIALIZER(list_global);
 static Objlist list_main =	/* Objects loaded at program startup */
@ -414,14 +407,6 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp)
    main_argc = argc;
    main_argv = argv;

-#ifdef HARDENEDBSD
-    /* Load PaX flags */
-    if (aux_info[AT_PAXFLAGS] != NULL) {
-        pax_flags = aux_info[AT_PAXFLAGS]->a_un.a_val;
-        aux_info[AT_PAXFLAGS]->a_un.a_val = 0;
-    }
-#endif
-
    if (aux_info[AT_CANARY] != NULL &&
 	aux_info[AT_CANARY]->a_un.a_ptr != NULL) {
 	    i = aux_info[AT_CANARYLEN]->a_un.a_val;
@ -2292,56 +2277,6 @@ process_needed(Obj_Entry *obj, Needed_Entry *needed, int flags)
    return (0);
 }

-#if defined(HARDENEDBSD) && defined(SHLIBRANDOM)
-static void
-randomize_neededs(Obj_Entry *obj, int flags)
-{
-    Needed_Entry **needs=NULL, *need=NULL;
-    unsigned int i, j, nneed;
-    size_t sz = sizeof(unsigned int);
-    int mib[2];
-
-    if (!(obj->needed) || (flags & RTLD_LO_FILTEES))
-	return;
-
-    mib[0] = CTL_KERN;
-    mib[1] = KERN_ARND;
-
-    for (nneed = 0, need = obj->needed; need != NULL; need = need->next)
-	nneed++;
-
-    if (nneed > 1) {
-	needs = xcalloc(nneed, sizeof(Needed_Entry **));
-	for (i = 0, need = obj->needed; i < nneed; i++, need = need->next)
-	    needs[i] = need;
-
-	for (i=0; i < nneed; i++) {
-	    do {
-		if (sysctl(mib, 2, &j, &sz, NULL, 0))
-		    goto err;
-
-		j %= nneed;
-	    } while (j == i);
-
-	    need = needs[i];
-	    needs[i] = needs[j];
-	    needs[j] = need;
-	}
-
-	for (i=0; i < nneed; i++)
-	    needs[i]->next = i + 1 < nneed ? needs[i + 1] : NULL;
-
-	obj->needed = needs[0];
-    }
-
-err:
-    if (needs != NULL)
-	free(needs);
-
-    return;
-}
-#endif
-
 /*
 * Given a shared object, traverse its list of needed objects, and load
 * each of them.  Returns 0 on success.  Generates an error message and
@ -2355,11 +2290,6 @@ load_needed_objects(Obj_Entry *first, int flags)
    for (obj = first; obj != NULL; obj = TAILQ_NEXT(obj, next)) {
 	if (obj->marker)
 	    continue;
-#if defined(HARDENEDBSD) && defined(SHLIBRANDOM)
-        if ((pax_flags & (PAX_HARDENING_NOSHLIBRANDOM | PAX_HARDENING_SHLIBRANDOM)) !=
-	  PAX_HARDENING_NOSHLIBRANDOM)
-            randomize_neededs(obj, flags);
-#endif
 	if (process_needed(obj, obj->needed, flags) == -1)
 	    return (-1);
    }
--- a/share/mk/src.opts.mk
+++ b/share/mk/src.opts.mk
@ -162,7 +162,6 @@ __DEFAULT_YES_OPTIONS = \
    SETUID_LOGIN \
    SHAREDOCS \
    SHARED_TOOLCHAIN \
-    SHLIBRANDOM \
    SOURCELESS \
    SOURCELESS_HOST \
    SOURCELESS_UCODE \
--- a/sys/arm/include/elf.h
+++ b/sys/arm/include/elf.h
@ -87,9 +87,8 @@ __ElfType(Auxinfo);
 #define	AT_EHDRFLAGS	24	/* e_flags field from elf hdr */
 #define	AT_HWCAP	25	/* CPU feature flags. */
 #define	AT_HWCAP2	26	/* CPU feature flags 2. */
-#define	AT_PAXFLAGS	27	/* PaX / HardenedBSD flags */

-#define	AT_COUNT	28	/* Count of defined aux entry types. */
+#define	AT_COUNT	27	/* Count of defined aux entry types. */

 #define	R_ARM_COUNT	33	/* Count of defined relocation types. */

--- a/sys/arm64/include/elf.h
+++ b/sys/arm64/include/elf.h
@ -94,9 +94,8 @@ __ElfType(Auxinfo);
 #define	AT_EHDRFLAGS	24	/* e_flags field from elf hdr */
 #define	AT_HWCAP	25	/* CPU feature flags. */
 #define	AT_HWCAP2	26	/* CPU feature flags 2. */
-#define	AT_PAXFLAGS	27	/* PaX / HardenedBSD flags */

-#define	AT_COUNT	28	/* Count of defined aux entry types. */
+#define	AT_COUNT	27	/* Count of defined aux entry types. */

 /* Define "machine" characteristics */
 #define	ELF_TARG_CLASS	ELFCLASS64
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@ -1091,7 +1091,6 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
 	elf_auxargs->flags = 0;
 	elf_auxargs->entry = entry;
 	elf_auxargs->hdr_eflags = hdr->e_flags;
-	elf_auxargs->pax_flags = imgp->proc->p_pax;

 	imgp->auxargs = elf_auxargs;
 	imgp->interpreted = 0;
@ -1126,7 +1125,6 @@ __elfN(freebsd_fixup)(register_t **stack_base, struct image_params *imgp)
 	AUXARGS_ENTRY(pos, AT_FLAGS, args->flags);
 	AUXARGS_ENTRY(pos, AT_ENTRY, args->entry);
 	AUXARGS_ENTRY(pos, AT_BASE, args->base);
-	AUXARGS_ENTRY(pos, AT_PAXFLAGS, args->pax_flags);
 	AUXARGS_ENTRY(pos, AT_EHDRFLAGS, args->hdr_eflags);
 	if (imgp->execpathp != 0)
 		AUXARGS_ENTRY(pos, AT_EXECPATH, imgp->execpathp);
--- a/sys/mips/include/elf.h
+++ b/sys/mips/include/elf.h
@ -148,9 +148,8 @@ __ElfType(Auxinfo);
 #define	AT_EHDRFLAGS	24	/* e_flags field from elf hdr */
 #define	AT_HWCAP	25	/* CPU feature flags. */
 #define	AT_HWCAP2	26	/* CPU feature flags 2. */
-#define	AT_PAXFLAGS	27	/* PaX / HardenedBSD flags */

-#define	AT_COUNT	28	/* Count of defined aux entry types. */
+#define	AT_COUNT	27	/* Count of defined aux entry types. */

 #define	ET_DYN_LOAD_ADDR 0x0120000

--- a/sys/powerpc/include/elf.h
+++ b/sys/powerpc/include/elf.h
@ -111,9 +111,8 @@ __ElfType(Auxinfo);
 #define	AT_EHDRFLAGS	24	/* e_flags field from elf hdr */
 #define	AT_HWCAP	25	/* CPU feature flags. */
 #define	AT_HWCAP2	26	/* CPU feature flags 2. */
-#define	AT_PAXFLAGS	27      /* PaX / HardenedBSD flags */

-#define	AT_COUNT	28	/* Count of defined aux entry types. */
+#define	AT_COUNT	27	/* Count of defined aux entry types. */

 /*
 * Relocation types.
--- a/sys/riscv/include/elf.h
+++ b/sys/riscv/include/elf.h
@ -94,9 +94,8 @@ __ElfType(Auxinfo);
 #define	AT_EHDRFLAGS	24	/* e_flags field from elf hdr */
 #define	AT_HWCAP	25	/* CPU feature flags. */
 #define	AT_HWCAP2	26	/* CPU feature flags 2. */
-#define	AT_PAXFLAGS	27	/* HardenedBSD PaX flags */

-#define	AT_COUNT	28	/* Count of defined aux entry types. */
+#define	AT_COUNT	27	/* Count of defined aux entry types. */

 /* Define "machine" characteristics */
 #define	ELF_TARG_CLASS	ELFCLASS64
--- a/sys/sparc64/include/elf.h
+++ b/sys/sparc64/include/elf.h
@ -95,9 +95,8 @@ __ElfType(Auxinfo);
 #define	AT_EHDRFLAGS	24	/* e_flags field from elf hdr */
 #define	AT_HWCAP	25	/* CPU feature flags. */
 #define	AT_HWCAP2	26	/* CPU feature flags 2. */
-#define	AT_PAXFLAGS	27	/* PaX / HardenedBSD flags */

-#define	AT_COUNT	28	/* Count of defined aux entry types. */
+#define	AT_COUNT	27	/* Count of defined aux entry types. */

 /* Define "machine" characteristics */
 #if __ELF_WORD_SIZE == 32
--- a/sys/sys/imgact_elf.h
+++ b/sys/sys/imgact_elf.h
@ -55,7 +55,6 @@ typedef struct {
 	Elf_Size	flags;
 	Elf_Size	entry;
 	Elf_Word	hdr_eflags;		/* e_flags field from ehdr */
-	Elf_Word	pax_flags;
 } __ElfN(Auxargs);

 typedef struct {
--- a/sys/x86/include/elf.h
+++ b/sys/x86/include/elf.h
@ -104,9 +104,8 @@ __ElfType(Auxinfo);
 #define	AT_EHDRFLAGS	24	/* e_flags field from elf hdr */
 #define	AT_HWCAP	25	/* CPU feature flags. */
 #define	AT_HWCAP2	26	/* CPU feature flags 2. */
-#define	AT_PAXFLAGS	27	/* PaX / HardenedBSD flags */

-#define	AT_COUNT	28	/* Count of defined aux entry types. */
+#define	AT_COUNT	27	/* Count of defined aux entry types. */

 /*
 * Relocation types.
@ -194,9 +193,8 @@ __ElfType(Auxinfo);
 #define	AT_EHDRFLAGS	24	/* e_flags field from elf hdr */
 #define	AT_HWCAP	25	/* CPU feature flags. */
 #define	AT_HWCAP2	26	/* CPU feature flags 2. */
-#define	AT_PAXFLAGS	27	/* PaX / HardenedBSD flags */

-#define	AT_COUNT	28	/* Count of defined aux entry types. */
+#define	AT_COUNT	27	/* Count of defined aux entry types. */

 /*
 * Relocation types.