| From 378397fc612b96d9cd6731db2725aa927d6331ad Mon Sep 17 00:00:00 2001 |
| From: Marcin Kościelnicki <mwk@0x04.net> |
| Date: Mon, 9 Dec 2019 12:28:41 -0800 |
| Subject: [PATCH] rtld: Check __libc_enable_secure before honoring |
| LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) |
| |
| The problem was introduced in glibc 2.23, in commit |
| b9eb92ab05204df772eb4929eccd018637c9f3e9 |
| ("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT"). |
| |
| (cherry picked from commit d5dfad4326fc683c813df1e37bbf5cf920591c8e) |
| --- |
| sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h |
| index 194369174d..e7f0373a70 100644 |
| --- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h |
| +++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h |
| @@ -31,7 +31,8 @@ |
| environment variable, LD_PREFER_MAP_32BIT_EXEC. */ |
| #define EXTRA_LD_ENVVARS \ |
| case 21: \ |
| - if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ |
| + if (!__libc_enable_secure \ |
| + && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ |
| GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \ |
| |= bit_arch_Prefer_MAP_32BIT_EXEC; \ |
| break; |
| -- |
| 2.24.0.393.g34dc348eaf-goog |
| |