Remove kern.elf32.can_exec_dyn sysctl. Instead extend Brandinfo structure
with flags bitfield and set BI_CAN_EXEC_DYN flag for all brands that usually allow executing elf dynamic binaries (aka shared libraries). When it is requested to execute ET_DYN elf image check if this flag is on after we know the elf brand allowing execution if so. PR: kern/87615 Submitted by: Marcin Koziej <creep@desk.pl>
This commit is contained in:
parent
b9da93266f
commit
34fa5a81a5
share/man/man4/man4.i386
sys
alpha
amd64
arm/arm
compat/ia32
i386
ia64/ia64
kern
powerpc/powerpc
sparc64/sparc64
sys
@ -108,14 +108,6 @@ regardless of whether the
|
||||
.Nm
|
||||
module is statically linked into the kernel
|
||||
or loaded as a module.
|
||||
.Pp
|
||||
Some Linux scripts want to execute
|
||||
.Pa /lib/ld-linux.so.2 .
|
||||
In order to do this,
|
||||
you should turn the
|
||||
.Va kern.elf32.can_exec_dyn
|
||||
.Xr sysctl 8
|
||||
variable to 1.
|
||||
.Sh FILES
|
||||
.Bl -tag -width /compat/linux/proc -compact
|
||||
.It Pa /compat/linux
|
||||
|
@ -85,6 +85,7 @@ static Elf64_Brandinfo freebsd_brand_info = {
|
||||
"/libexec/ld-elf.so.1",
|
||||
&elf64_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(elf64, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
@ -99,6 +100,7 @@ static Elf64_Brandinfo freebsd_brand_oinfo = {
|
||||
"/usr/libexec/ld-elf.so.1",
|
||||
&elf64_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(oelf64, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
|
@ -208,6 +208,7 @@ static Elf64_Brandinfo linux_brand = {
|
||||
"/lib/ld-linux.so.1",
|
||||
&elf_linux_sysvec,
|
||||
NULL,
|
||||
BI_CAN_EXEC_DYN,
|
||||
};
|
||||
|
||||
static Elf64_Brandinfo linux_glibc2brand = {
|
||||
@ -218,6 +219,7 @@ static Elf64_Brandinfo linux_glibc2brand = {
|
||||
"/lib/ld-linux.so.2",
|
||||
&elf_linux_sysvec,
|
||||
NULL,
|
||||
BI_CAN_EXEC_DYN,
|
||||
};
|
||||
|
||||
Elf64_Brandinfo *linux_brandlist[] = {
|
||||
|
@ -82,6 +82,7 @@ static Elf64_Brandinfo freebsd_brand_info = {
|
||||
"/libexec/ld-elf.so.1",
|
||||
&elf64_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(elf64, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
@ -96,6 +97,7 @@ static Elf64_Brandinfo freebsd_brand_oinfo = {
|
||||
"/usr/libexec/ld-elf.so.1",
|
||||
&elf64_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(oelf64, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
|
@ -1026,6 +1026,7 @@ static Elf32_Brandinfo linux_brand = {
|
||||
"/lib/ld-linux.so.1",
|
||||
&elf_linux_sysvec,
|
||||
NULL,
|
||||
BI_CAN_EXEC_DYN,
|
||||
};
|
||||
|
||||
static Elf32_Brandinfo linux_glibc2brand = {
|
||||
@ -1036,6 +1037,7 @@ static Elf32_Brandinfo linux_glibc2brand = {
|
||||
"/lib/ld-linux.so.2",
|
||||
&elf_linux_sysvec,
|
||||
NULL,
|
||||
BI_CAN_EXEC_DYN,
|
||||
};
|
||||
|
||||
Elf32_Brandinfo *linux_brandlist[] = {
|
||||
|
@ -82,6 +82,7 @@ static Elf32_Brandinfo freebsd_brand_info = {
|
||||
"/libexec/ld-elf.so.1",
|
||||
&elf32_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(elf32, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
@ -96,6 +97,7 @@ static Elf32_Brandinfo freebsd_brand_oinfo = {
|
||||
"/usr/libexec/ld-elf.so.1",
|
||||
&elf32_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(oelf32, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
|
@ -137,6 +137,7 @@ static Elf32_Brandinfo ia32_brand_info = {
|
||||
"/libexec/ld-elf.so.1",
|
||||
&ia32_freebsd_sysvec,
|
||||
"/libexec/ld-elf32.so.1",
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(ia32, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
@ -151,6 +152,7 @@ static Elf32_Brandinfo ia32_brand_oinfo = {
|
||||
"/usr/libexec/ld-elf.so.1",
|
||||
&ia32_freebsd_sysvec,
|
||||
"/libexec/ld-elf32.so.1",
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(oia32, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
|
@ -82,6 +82,7 @@ static Elf32_Brandinfo freebsd_brand_info = {
|
||||
"/libexec/ld-elf.so.1",
|
||||
&elf32_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(elf32, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
@ -96,6 +97,7 @@ static Elf32_Brandinfo freebsd_brand_oinfo = {
|
||||
"/usr/libexec/ld-elf.so.1",
|
||||
&elf32_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(oelf32, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
|
@ -868,6 +868,7 @@ static Elf32_Brandinfo linux_brand = {
|
||||
"/lib/ld-linux.so.1",
|
||||
&elf_linux_sysvec,
|
||||
NULL,
|
||||
BI_CAN_EXEC_DYN,
|
||||
};
|
||||
|
||||
static Elf32_Brandinfo linux_glibc2brand = {
|
||||
@ -878,6 +879,7 @@ static Elf32_Brandinfo linux_glibc2brand = {
|
||||
"/lib/ld-linux.so.2",
|
||||
&elf_linux_sysvec,
|
||||
NULL,
|
||||
BI_CAN_EXEC_DYN,
|
||||
};
|
||||
|
||||
Elf32_Brandinfo *linux_brandlist[] = {
|
||||
|
@ -90,6 +90,7 @@ static Elf64_Brandinfo freebsd_brand_info = {
|
||||
"/libexec/ld-elf.so.1",
|
||||
&elf64_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
SYSINIT(elf64, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
(sysinit_cfunc_t)elf64_insert_brand_entry, &freebsd_brand_info);
|
||||
@ -102,6 +103,7 @@ static Elf64_Brandinfo freebsd_brand_oinfo = {
|
||||
"/usr/libexec/ld-elf.so.1",
|
||||
&elf64_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
SYSINIT(oelf64, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
(sysinit_cfunc_t)elf64_insert_brand_entry, &freebsd_brand_oinfo);
|
||||
|
@ -97,11 +97,6 @@ SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
|
||||
TUNABLE_INT("kern.elf" __XSTRING(__ELF_WORD_SIZE) ".fallback_brand",
|
||||
&__elfN(fallback_brand));
|
||||
|
||||
int __elfN(can_exec_dyn) = 0;
|
||||
SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
|
||||
can_exec_dyn, CTLFLAG_RW, &__elfN(can_exec_dyn), 0,
|
||||
__XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) " can exec shared libraries");
|
||||
|
||||
static int elf_trace = 0;
|
||||
SYSCTL_INT(_debug, OID_AUTO, __elfN(trace), CTLFLAG_RW, &elf_trace, 0, "");
|
||||
|
||||
@ -619,9 +614,12 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
|
||||
|
||||
/*
|
||||
* Do we have a valid ELF header ?
|
||||
*
|
||||
* Only allow ET_EXEC & ET_DYN here, reject ET_DYN later
|
||||
* if particular brand doesn't support it.
|
||||
*/
|
||||
if (__elfN(check_header)(hdr) != 0 || (hdr->e_type != ET_EXEC
|
||||
&& (!__elfN(can_exec_dyn) || hdr->e_type != ET_DYN)))
|
||||
if (__elfN(check_header)(hdr) != 0 ||
|
||||
(hdr->e_type != ET_EXEC && hdr->e_type != ET_DYN))
|
||||
return (-1);
|
||||
|
||||
/*
|
||||
@ -654,6 +652,11 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
|
||||
hdr->e_ident[EI_OSABI]);
|
||||
return (ENOEXEC);
|
||||
}
|
||||
if (hdr->e_type == ET_DYN &&
|
||||
(brand_info->flags & BI_CAN_EXEC_DYN) == 0) {
|
||||
error = ENOEXEC;
|
||||
goto fail;
|
||||
}
|
||||
sv = brand_info->sysvec;
|
||||
if (interp != NULL && brand_info->interp_newpath != NULL)
|
||||
interp = brand_info->interp_newpath;
|
||||
|
@ -85,6 +85,7 @@ static Elf32_Brandinfo freebsd_brand_info = {
|
||||
"/libexec/ld-elf.so.1",
|
||||
&elf32_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(elf32, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
@ -99,6 +100,7 @@ static Elf32_Brandinfo freebsd_brand_oinfo = {
|
||||
"/usr/libexec/ld-elf.so.1",
|
||||
&elf32_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(oelf32, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
|
@ -95,6 +95,7 @@ static Elf64_Brandinfo freebsd_brand_info = {
|
||||
"/libexec/ld-elf.so.1",
|
||||
&elf64_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(elf64, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
@ -109,6 +110,7 @@ static Elf64_Brandinfo freebsd_brand_oinfo = {
|
||||
"/usr/libexec/ld-elf.so.1",
|
||||
&elf64_freebsd_sysvec,
|
||||
NULL,
|
||||
0,
|
||||
};
|
||||
|
||||
SYSINIT(oelf64, SI_SUB_EXEC, SI_ORDER_ANY,
|
||||
|
@ -63,6 +63,8 @@ typedef struct {
|
||||
const char *interp_path;
|
||||
struct sysentvec *sysvec;
|
||||
const char *interp_newpath;
|
||||
int flags;
|
||||
#define BI_CAN_EXEC_DYN 0x0001
|
||||
} __ElfN(Brandinfo);
|
||||
|
||||
__ElfType(Auxargs);
|
||||
|
Loading…
x
Reference in New Issue
Block a user