From 0c60df5d3276ae77bebe744b7367ca4f0bb678d9 Mon Sep 17 00:00:00 2001 From: Shawn Webb Date: Fri, 5 Oct 2018 16:19:21 -0400 Subject: [PATCH] HBSD: Remove changes that cause ABI breakage In order to provide a smooth transition, remove support for shared library load order randomization. This also removes the ABI breakage (the ELF auxvec) to allow per-application opt-in of shlibrandom. Signed-off-by: Shawn Webb --- libexec/rtld-elf/Makefile | 4 --- libexec/rtld-elf/rtld.c | 70 --------------------------------------- share/mk/src.opts.mk | 1 - sys/arm/include/elf.h | 3 +- sys/arm64/include/elf.h | 3 +- sys/kern/imgact_elf.c | 2 -- sys/mips/include/elf.h | 3 +- sys/powerpc/include/elf.h | 3 +- sys/riscv/include/elf.h | 3 +- sys/sparc64/include/elf.h | 3 +- sys/sys/imgact_elf.h | 1 - sys/x86/include/elf.h | 6 ++-- 12 files changed, 8 insertions(+), 94 deletions(-) diff --git a/libexec/rtld-elf/Makefile b/libexec/rtld-elf/Makefile index b06def55b7d..f677fbbdac0 100644 --- a/libexec/rtld-elf/Makefile +++ b/libexec/rtld-elf/Makefile @@ -89,10 +89,6 @@ beforeinstall: SUBDIR+= tests .endif -.if ${MK_SHLIBRANDOM} != "no" -CFLAGS+= -DSHLIBRANDOM -.endif - NOPIE= yes .include diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c index e5c3a046978..e823ec8598f 100644 --- a/libexec/rtld-elf/rtld.c +++ b/libexec/rtld-elf/rtld.c @@ -114,9 +114,6 @@ static void initlist_add_objects(Obj_Entry *, Obj_Entry *, Objlist *); static void linkmap_add(Obj_Entry *); static void linkmap_delete(Obj_Entry *); static void load_filtees(Obj_Entry *, int flags, RtldLockState *); -#if defined(HARDENEDBSD) && defined(SHLIBRANDOM) -static void randomize_neededs(Obj_Entry *obj, int flags); -#endif static void unload_filtees(Obj_Entry *, RtldLockState *); static int load_needed_objects(Obj_Entry *, int); static int load_preload_objects(void); @@ -215,10 +212,6 @@ static Obj_Entry obj_rtld; /* The dynamic linker shared object */ static unsigned int obj_count; /* Number of objects in obj_list */ static unsigned int obj_loads; /* Number of loads of objects (gen count) */ -#ifdef HARDENEDBSD -static Elf_Word pax_flags = 0; /* PaX / HardenedBSD flags */ -#endif - static Objlist list_global = /* Objects dlopened with RTLD_GLOBAL */ STAILQ_HEAD_INITIALIZER(list_global); static Objlist list_main = /* Objects loaded at program startup */ @@ -414,14 +407,6 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp) main_argc = argc; main_argv = argv; -#ifdef HARDENEDBSD - /* Load PaX flags */ - if (aux_info[AT_PAXFLAGS] != NULL) { - pax_flags = aux_info[AT_PAXFLAGS]->a_un.a_val; - aux_info[AT_PAXFLAGS]->a_un.a_val = 0; - } -#endif - if (aux_info[AT_CANARY] != NULL && aux_info[AT_CANARY]->a_un.a_ptr != NULL) { i = aux_info[AT_CANARYLEN]->a_un.a_val; @@ -2292,56 +2277,6 @@ process_needed(Obj_Entry *obj, Needed_Entry *needed, int flags) return (0); } -#if defined(HARDENEDBSD) && defined(SHLIBRANDOM) -static void -randomize_neededs(Obj_Entry *obj, int flags) -{ - Needed_Entry **needs=NULL, *need=NULL; - unsigned int i, j, nneed; - size_t sz = sizeof(unsigned int); - int mib[2]; - - if (!(obj->needed) || (flags & RTLD_LO_FILTEES)) - return; - - mib[0] = CTL_KERN; - mib[1] = KERN_ARND; - - for (nneed = 0, need = obj->needed; need != NULL; need = need->next) - nneed++; - - if (nneed > 1) { - needs = xcalloc(nneed, sizeof(Needed_Entry **)); - for (i = 0, need = obj->needed; i < nneed; i++, need = need->next) - needs[i] = need; - - for (i=0; i < nneed; i++) { - do { - if (sysctl(mib, 2, &j, &sz, NULL, 0)) - goto err; - - j %= nneed; - } while (j == i); - - need = needs[i]; - needs[i] = needs[j]; - needs[j] = need; - } - - for (i=0; i < nneed; i++) - needs[i]->next = i + 1 < nneed ? needs[i + 1] : NULL; - - obj->needed = needs[0]; - } - -err: - if (needs != NULL) - free(needs); - - return; -} -#endif - /* * Given a shared object, traverse its list of needed objects, and load * each of them. Returns 0 on success. Generates an error message and @@ -2355,11 +2290,6 @@ load_needed_objects(Obj_Entry *first, int flags) for (obj = first; obj != NULL; obj = TAILQ_NEXT(obj, next)) { if (obj->marker) continue; -#if defined(HARDENEDBSD) && defined(SHLIBRANDOM) - if ((pax_flags & (PAX_HARDENING_NOSHLIBRANDOM | PAX_HARDENING_SHLIBRANDOM)) != - PAX_HARDENING_NOSHLIBRANDOM) - randomize_neededs(obj, flags); -#endif if (process_needed(obj, obj->needed, flags) == -1) return (-1); } diff --git a/share/mk/src.opts.mk b/share/mk/src.opts.mk index 728d2157e21..9686f975736 100644 --- a/share/mk/src.opts.mk +++ b/share/mk/src.opts.mk @@ -162,7 +162,6 @@ __DEFAULT_YES_OPTIONS = \ SETUID_LOGIN \ SHAREDOCS \ SHARED_TOOLCHAIN \ - SHLIBRANDOM \ SOURCELESS \ SOURCELESS_HOST \ SOURCELESS_UCODE \ diff --git a/sys/arm/include/elf.h b/sys/arm/include/elf.h index 5f051c090d4..ee854f76add 100644 --- a/sys/arm/include/elf.h +++ b/sys/arm/include/elf.h @@ -87,9 +87,8 @@ __ElfType(Auxinfo); #define AT_EHDRFLAGS 24 /* e_flags field from elf hdr */ #define AT_HWCAP 25 /* CPU feature flags. */ #define AT_HWCAP2 26 /* CPU feature flags 2. */ -#define AT_PAXFLAGS 27 /* PaX / HardenedBSD flags */ -#define AT_COUNT 28 /* Count of defined aux entry types. */ +#define AT_COUNT 27 /* Count of defined aux entry types. */ #define R_ARM_COUNT 33 /* Count of defined relocation types. */ diff --git a/sys/arm64/include/elf.h b/sys/arm64/include/elf.h index e53cb5e0109..f5f425e2e2e 100644 --- a/sys/arm64/include/elf.h +++ b/sys/arm64/include/elf.h @@ -94,9 +94,8 @@ __ElfType(Auxinfo); #define AT_EHDRFLAGS 24 /* e_flags field from elf hdr */ #define AT_HWCAP 25 /* CPU feature flags. */ #define AT_HWCAP2 26 /* CPU feature flags 2. */ -#define AT_PAXFLAGS 27 /* PaX / HardenedBSD flags */ -#define AT_COUNT 28 /* Count of defined aux entry types. */ +#define AT_COUNT 27 /* Count of defined aux entry types. */ /* Define "machine" characteristics */ #define ELF_TARG_CLASS ELFCLASS64 diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c index e6ff92da429..bd2335a1db9 100644 --- a/sys/kern/imgact_elf.c +++ b/sys/kern/imgact_elf.c @@ -1091,7 +1091,6 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp) elf_auxargs->flags = 0; elf_auxargs->entry = entry; elf_auxargs->hdr_eflags = hdr->e_flags; - elf_auxargs->pax_flags = imgp->proc->p_pax; imgp->auxargs = elf_auxargs; imgp->interpreted = 0; @@ -1126,7 +1125,6 @@ __elfN(freebsd_fixup)(register_t **stack_base, struct image_params *imgp) AUXARGS_ENTRY(pos, AT_FLAGS, args->flags); AUXARGS_ENTRY(pos, AT_ENTRY, args->entry); AUXARGS_ENTRY(pos, AT_BASE, args->base); - AUXARGS_ENTRY(pos, AT_PAXFLAGS, args->pax_flags); AUXARGS_ENTRY(pos, AT_EHDRFLAGS, args->hdr_eflags); if (imgp->execpathp != 0) AUXARGS_ENTRY(pos, AT_EXECPATH, imgp->execpathp); diff --git a/sys/mips/include/elf.h b/sys/mips/include/elf.h index 53d195f42dd..e53a9e09c2a 100644 --- a/sys/mips/include/elf.h +++ b/sys/mips/include/elf.h @@ -148,9 +148,8 @@ __ElfType(Auxinfo); #define AT_EHDRFLAGS 24 /* e_flags field from elf hdr */ #define AT_HWCAP 25 /* CPU feature flags. */ #define AT_HWCAP2 26 /* CPU feature flags 2. */ -#define AT_PAXFLAGS 27 /* PaX / HardenedBSD flags */ -#define AT_COUNT 28 /* Count of defined aux entry types. */ +#define AT_COUNT 27 /* Count of defined aux entry types. */ #define ET_DYN_LOAD_ADDR 0x0120000 diff --git a/sys/powerpc/include/elf.h b/sys/powerpc/include/elf.h index 6eba10ffb21..8246db06217 100644 --- a/sys/powerpc/include/elf.h +++ b/sys/powerpc/include/elf.h @@ -111,9 +111,8 @@ __ElfType(Auxinfo); #define AT_EHDRFLAGS 24 /* e_flags field from elf hdr */ #define AT_HWCAP 25 /* CPU feature flags. */ #define AT_HWCAP2 26 /* CPU feature flags 2. */ -#define AT_PAXFLAGS 27 /* PaX / HardenedBSD flags */ -#define AT_COUNT 28 /* Count of defined aux entry types. */ +#define AT_COUNT 27 /* Count of defined aux entry types. */ /* * Relocation types. diff --git a/sys/riscv/include/elf.h b/sys/riscv/include/elf.h index 179c1edd8af..124c6958317 100644 --- a/sys/riscv/include/elf.h +++ b/sys/riscv/include/elf.h @@ -94,9 +94,8 @@ __ElfType(Auxinfo); #define AT_EHDRFLAGS 24 /* e_flags field from elf hdr */ #define AT_HWCAP 25 /* CPU feature flags. */ #define AT_HWCAP2 26 /* CPU feature flags 2. */ -#define AT_PAXFLAGS 27 /* HardenedBSD PaX flags */ -#define AT_COUNT 28 /* Count of defined aux entry types. */ +#define AT_COUNT 27 /* Count of defined aux entry types. */ /* Define "machine" characteristics */ #define ELF_TARG_CLASS ELFCLASS64 diff --git a/sys/sparc64/include/elf.h b/sys/sparc64/include/elf.h index e67c2738dd6..745cf55efeb 100644 --- a/sys/sparc64/include/elf.h +++ b/sys/sparc64/include/elf.h @@ -95,9 +95,8 @@ __ElfType(Auxinfo); #define AT_EHDRFLAGS 24 /* e_flags field from elf hdr */ #define AT_HWCAP 25 /* CPU feature flags. */ #define AT_HWCAP2 26 /* CPU feature flags 2. */ -#define AT_PAXFLAGS 27 /* PaX / HardenedBSD flags */ -#define AT_COUNT 28 /* Count of defined aux entry types. */ +#define AT_COUNT 27 /* Count of defined aux entry types. */ /* Define "machine" characteristics */ #if __ELF_WORD_SIZE == 32 diff --git a/sys/sys/imgact_elf.h b/sys/sys/imgact_elf.h index 0523822bfef..40ad7c72ef3 100644 --- a/sys/sys/imgact_elf.h +++ b/sys/sys/imgact_elf.h @@ -55,7 +55,6 @@ typedef struct { Elf_Size flags; Elf_Size entry; Elf_Word hdr_eflags; /* e_flags field from ehdr */ - Elf_Word pax_flags; } __ElfN(Auxargs); typedef struct { diff --git a/sys/x86/include/elf.h b/sys/x86/include/elf.h index edfc4d0435e..11eda7b6c78 100644 --- a/sys/x86/include/elf.h +++ b/sys/x86/include/elf.h @@ -104,9 +104,8 @@ __ElfType(Auxinfo); #define AT_EHDRFLAGS 24 /* e_flags field from elf hdr */ #define AT_HWCAP 25 /* CPU feature flags. */ #define AT_HWCAP2 26 /* CPU feature flags 2. */ -#define AT_PAXFLAGS 27 /* PaX / HardenedBSD flags */ -#define AT_COUNT 28 /* Count of defined aux entry types. */ +#define AT_COUNT 27 /* Count of defined aux entry types. */ /* * Relocation types. @@ -194,9 +193,8 @@ __ElfType(Auxinfo); #define AT_EHDRFLAGS 24 /* e_flags field from elf hdr */ #define AT_HWCAP 25 /* CPU feature flags. */ #define AT_HWCAP2 26 /* CPU feature flags 2. */ -#define AT_PAXFLAGS 27 /* PaX / HardenedBSD flags */ -#define AT_COUNT 28 /* Count of defined aux entry types. */ +#define AT_COUNT 27 /* Count of defined aux entry types. */ /* * Relocation types.