diff --git a/elfutils-0.163-default-yama-conf.patch b/elfutils-0.163-default-yama-conf.patch new file mode 100644 index 0000000..4f2ab29 --- /dev/null +++ b/elfutils-0.163-default-yama-conf.patch @@ -0,0 +1,166 @@ +commit 65a818baa4bcae96c1e9516420fcd87a2db3c863 +Author: Mark Wielaard +Date: Tue Aug 4 12:20:20 2015 +0200 + + spec: Provide default-yama-scope. + + When yama is enabled in the kernel it might be used to filter any user + space access which requires PTRACE_MODE_ATTACH like ptrace attach, access + to /proc/PID/{mem,personality,stack,syscall}, and the syscalls + process_vm_readv and process_vm_writev which are used for interprocess + services, communication and introspection (like synchronisation, signaling, + debugging, tracing and profiling) of processes. + + These are precisely the things that libdw dwfl and ebl backends rely on. + So make sure they don't mysteriously fail in such cases by providing the + default yama scope sysctl value. + + This is implemented as a separate subpackage that just provides this + functionality so other packages that don't directly rely on elfutils-libs + can also just Require: default-yama-scope to function properly. + https://bugzilla.redhat.com/show_bug.cgi?id=1209492#c69 + + 
Signed-off-by: Mark Wielaard + +diff --git a/config/10-default-yama-scope.conf b/config/10-default-yama-scope.conf +new file mode 100644 +index 0000000..ba78ebd +--- /dev/null ++++ b/config/10-default-yama-scope.conf +@@ -0,0 +1,35 @@ ++# When yama is enabled in the kernel it might be used to filter any user ++# space access which requires PTRACE_MODE_ATTACH like ptrace attach, access ++# to /proc/PID/{mem,personality,stack,syscall}, and the syscalls ++# process_vm_readv and process_vm_writev which are used for interprocess ++# services, communication and introspection (like synchronisation, signaling, ++# debugging, tracing and profiling) of processes. ++# ++# Usage of ptrace attach is restricted by normal user permissions. Normal ++# unprivileged processes cannot interact through ptrace with processes ++# that they cannot send signals to or processes that are running set-uid ++# or set-gid. ++# ++# yama ptrace scope can be used to reduce these permissions even more. ++# This should normally not be done because it will break various programs ++# relying on the default ptrace security restrictions. But can be used ++# if you don't have any other way to separate processes in their own ++# domains. A different way to restrict ptrace is to set the selinux ++# deny_ptrace boolean. Both mechanisms will break some programs relying ++# on the ptrace system call and might force users to elevate their ++# priviliges to root to do their work. ++# ++# For more information see Documentation/security/Yama.txt in the kernel ++# sources. Which also describes the defaults when CONFIG_SECURITY_YAMA ++# is enabled in a kernel build (currently 1 for ptrace_scope). ++# ++# This runtime kernel parameter can be set to the following options: ++# (Note that setting this to anything except zero will break programs!) ++# ++# 0 - Default attach security permissions. ++# 1 - Restricted attach. Only child processes plus normal permissions. ++# 2 - Admin-only attach. 
Only executables with CAP_SYS_PTRACE. ++# 3 - No attach. No process may call ptrace at all. Irrevocable. ++# ++kernel.yama.ptrace_scope = 0 ++ +diff --git a/config/ChangeLog b/config/ChangeLog +index 00f3ddc..31eeca7 100644 +--- a/config/ChangeLog ++++ b/config/ChangeLog +@@ -1,3 +1,10 @@ ++2015-08-04 Mark Wielaard ++ ++ * 10-default-yama-scope.conf: New file. ++ * Makefile.am (EXTRA_DIST): Add 10-default-yama-scope.conf. ++ * elfutils.spec.in (Requires): default-yama-scope. ++ (default-yama-scope): New package. ++ + 2015-06-19 Mark Wielaard + + * elfutils.spec.in: Update for 0.163. +diff --git a/config/Makefile.am b/config/Makefile.am +index 6e61b77..23f7b65 100644 +--- a/config/Makefile.am ++++ b/config/Makefile.am +@@ -1,7 +1,7 @@ + ## Process this file with automake to produce Makefile.in -*-Makefile-*- + ## Configure input file for elfutils. + ## +-## Copyright (C) 2004, 2005, 2008, 2009, 2011 Red Hat, Inc. ++## Copyright (C) 2004, 2005, 2008, 2009, 2011, 2015 Red Hat, Inc. + ## This file is part of elfutils. + ## + ## This file is free software; you can redistribute it and/or modify +@@ -28,7 +28,7 @@ + ## the GNU Lesser General Public License along with this program. If + ## not, see . + ## +-EXTRA_DIST = elfutils.spec.in known-dwarf.awk ++EXTRA_DIST = elfutils.spec.in known-dwarf.awk 10-default-yama-scope.conf + + if MAINTAINER_MODE + $(srcdir)/elfutils.spec.in: $(top_srcdir)/NEWS +diff --git a/config/elfutils.spec.in b/config/elfutils.spec.in +index 5407f1a..e5f6e29 100644 +--- a/config/elfutils.spec.in ++++ b/config/elfutils.spec.in +@@ -10,6 +10,7 @@ Obsoletes: libelf libelf-devel + Requires: elfutils-libelf = %{version}-%{release} + Requires: glibc >= 2.7 + Requires: libstdc++ ++Requires: default-yama-scope + + # ExcludeArch: xxx + +@@ -97,6 +98,22 @@ Conflicts: libelf-devel + The elfutils-libelf-static package contains the static archive + for libelf. 
+ ++%package default-yama-scope ++Summary: Default yama attach scope sysctl setting ++Group: Development/Tools ++License: GPLv2+ or LGPLv3+ ++Provides: default-yama-scope ++BuildArch: noarch ++ ++%description default-yama-scope ++Yama sysctl setting to enable default attach scope settings ++enabling programs to use ptrace attach, access to ++/proc/PID/{mem,personality,stack,syscall}, and the syscalls ++process_vm_readv and process_vm_writev which are used for ++interprocess services, communication and introspection ++(like synchronisation, signaling, debugging, tracing and ++profiling) of processes. ++ + %prep + %setup -q + +@@ -121,6 +138,8 @@ chmod +x ${RPM_BUILD_ROOT}%{_prefix}/%{_lib}/elfutils/lib*.so* + rm -f .%{_libdir}/libasm.a + } + ++install -Dm0644 config/10-default-yama-scope.conf ${RPM_BUILD_ROOT}%{_sysctldir}/10-default-yama-scope.conf ++ + %check + make check + +@@ -135,6 +154,9 @@ rm -rf ${RPM_BUILD_ROOT} + + %postun libelf -p /sbin/ldconfig + ++%post default-yama-scope ++%sysctl_apply 10-default-yama-scope.conf ++ + %files + %defattr(-,root,root) + %doc COPYING COPYING-GPLV2 COPYING-LGPLV3 README TODO CONTRIBUTING +@@ -197,6 +219,9 @@ rm -rf ${RPM_BUILD_ROOT} + %files libelf-devel-static + %{_libdir}/libelf.a + ++%files default-yama-scope ++%config(noreplace) %{_sysctldir}/10-default-yama-scope.conf ++ + %changelog + * Fri Jun 19 2015 Mark Wielaard 0.163-1 + - Bug fixes only, no new features. diff --git a/elfutils-0.163-readelf-n-undefined-shift.patch b/elfutils-0.163-readelf-n-undefined-shift.patch new file mode 100644 index 0000000..a26e209 --- /dev/null +++ b/elfutils-0.163-readelf-n-undefined-shift.patch 
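Review bot: The header comment in 10-default-yama-scope.conf warns that any non-zero value "will break programs" but never tells an administrator who deliberately wants scope 1 or 2 how to keep it once this package is installed. It also presents 0 as the default while noting that the kernel's own default with CONFIG_SECURITY_YAMA is 1. I would add a line above the assignment such as `# To keep a stricter scope, set kernel.yama.ptrace_scope in a later-sorted file under /etc/sysctl.d/.` and reword the parenthetical so it reads as a compatibility trade-off rather than a prohibition. The same comment block also spells "priviliges" for "privileges".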
@@ -0,0 +1,49 @@ +commit b00a4fa78779ff0f304fa6cb34d49622679c86d4 +Author: Mark Wielaard +Date: Thu Sep 3 10:50:58 2015 +0200 + + readelf: handle_core_item large right shift triggers undefined behaviour. + + The problem is this: + + int n = ffs (w); + w >>= n; + + The intent is to shift away up to (and including) the first least + significant bit in w. But w is an unsigned int, so 32 bits. And the + least significant bit could be bit 32 (ffs counts from 1). Unfortunately + a right shift equal to (or larger than) the length in bits of the left + hand operand is undefined behaviour. We expect w to be zero afterwards. + Which would terminate the while loop in the function. But since it is + undefined behaviour anything can happen. In this case, what will actually + happen is that w is unchanged, causing an infinite loop... + + gcc -fsanitize=undefined will catch and warn about this when w = 0x80000000 + + https://bugzilla.redhat.com/show_bug.cgi?id=1259259 + + Signed-off-by: Mark Wielaard + +diff --git a/src/readelf.c b/src/readelf.c +index d3c2b6b..aab8b5c 100644 +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -8474,8 +8474,16 @@ handle_core_item (Elf *core, const Ebl_Core_Item *item, const void *desc, + unsigned int w = negate ? ~*i : *i; + while (w != 0) + { +- int n = ffs (w); +- w >>= n; ++ /* Note that a right shift equal to (or greater than) ++ the number of bits of w is undefined behaviour. In ++ particular when the least significant bit is bit 32 ++ (w = 0x8000000) then w >>= n is undefined. So ++ explicitly handle that case separately. */ ++ unsigned int n = ffs (w); ++ if (n < sizeof (w) * 8) ++ w >>= n; ++ else ++ w = 0; + bit += n; + + if (lastbit != 0 && lastbit + 1 == bit) diff --git a/elfutils-0.163-unstrip-shf_info_link.patch b/elfutils-0.163-unstrip-shf_info_link.patch new file mode 100644 index 0000000..e3a27ff --- /dev/null +++ b/elfutils-0.163-unstrip-shf_info_link.patch 
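Review bot: The new comment in handle_core_item gives the triggering value as `0x8000000`, which has only bit 28 set; the commit message's `0x80000000` is the value that makes ffs return 32, so the comment should read `(w = 0x80000000)`. The guard `if (n < sizeof (w) * 8)` also hard-codes the byte width, and `sizeof (w) * CHAR_BIT` would state the intent directly (whether readelf.c already includes limits.h is not visible here). Since w is presumably derived from core note data, a regression test feeding that value would keep the loop-termination fix from silently regressing; none is part of this patch. handle_core_item starts and ends outside the hunk.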
@@ -0,0 +1,91 @@ +commit f9fc50c3eced243c0648fb0fbfe2c9877c25e1e4 +Author: Mark Wielaard +Date: Wed Jul 29 17:51:27 2015 +0200 + + unstrip: Handle debuginfo files with missing SHF_INFO_LINK section flags. + + With GCC 5 there might be a .rela.plt section with SHF_INFO_LINK set. + Buggy binutils objdump might strip it from the section in the debug file. + Ignore such differences for relocation sections and put the flag back + if necessary. + + Also improve the error message a little by only discarding the already + matched sections if there is an prelink undo section. Otherwise we will + report all sections as not matching if the file wasn't prelinked instead + of just the non-matching sections. + + New testfiles generated by gcc5 and binutils objdump added. + + 
Signed-off-by: Mark Wielaard + +diff --git a/src/unstrip.c b/src/unstrip.c +index 4a8e5fa..8833094 100644 +--- a/src/unstrip.c ++++ b/src/unstrip.c +@@ -867,12 +867,28 @@ compare_symbols_output (const void *a, const void *b) + + #undef CMP + ++/* Return true if the flags of the sections match, ignoring the SHF_INFO_LINK ++ flag if the section contains relocation information. */ ++static bool ++sections_flags_match (Elf64_Xword sh_flags1, Elf64_Xword sh_flags2, ++ Elf64_Word sh_type) ++{ ++ if (sh_type == SHT_REL || sh_type == SHT_RELA) ++ { ++ sh_flags1 &= ~SHF_INFO_LINK; ++ sh_flags2 &= ~SHF_INFO_LINK; ++ } ++ ++ return sh_flags1 == sh_flags2; ++} ++ + /* Return true iff the flags, size, and name match. */ + static bool + sections_match (const struct section *sections, size_t i, + const GElf_Shdr *shdr, const char *name) + { +- return (sections[i].shdr.sh_flags == shdr->sh_flags ++ return (sections_flags_match (sections[i].shdr.sh_flags, shdr->sh_flags, ++ sections[i].shdr.sh_type) + && (sections[i].shdr.sh_size == shdr->sh_size + || (sections[i].shdr.sh_size < shdr->sh_size + && section_can_shrink (§ions[i].shdr))) +@@ -930,10 +946,6 @@ find_alloc_sections_prelink (Elf *debug, Elf_Data *debug_shstrtab, + struct section *sections, + size_t nalloc, size_t nsections) + { +- /* Clear assignments that might have been bogus. */ +- for (size_t i = 0; i < nalloc; ++i) +- sections[i].outscn = NULL; +- + Elf_Scn *undo = NULL; + for (size_t i = nalloc; i < nsections; ++i) + { +@@ -952,6 +964,10 @@ find_alloc_sections_prelink (Elf *debug, Elf_Data *debug_shstrtab, + size_t undo_nalloc = 0; + if (undo != NULL) + { ++ /* Clear assignments that might have been bogus. 
*/ ++ for (size_t i = 0; i < nalloc; ++i) ++ sections[i].outscn = NULL; ++ + Elf_Data *undodata = elf_rawdata (undo, NULL); + ELF_CHECK (undodata != NULL, + _("cannot read '.gnu.prelink_undo' section: %s")); +@@ -1500,6 +1516,14 @@ more sections in stripped file than debug file -- arguments reversed?")); + shdr_mem.sh_size = sec->shdr.sh_size; + shdr_mem.sh_info = sec->shdr.sh_info; + shdr_mem.sh_link = sec->shdr.sh_link; ++ ++ /* Buggy binutils objdump might have stripped the SHF_INFO_LINK ++ put it back if necessary. */ ++ if ((sec->shdr.sh_type == SHT_REL || sec->shdr.sh_type == SHT_RELA) ++ && sec->shdr.sh_flags != shdr_mem.sh_flags ++ && (sec->shdr.sh_flags & SHF_INFO_LINK) != 0) ++ shdr_mem.sh_flags |= SHF_INFO_LINK; ++ + if (sec->shdr.sh_link != SHN_UNDEF) + shdr_mem.sh_link = ndx_section[sec->shdr.sh_link - 1]; + if (shdr_mem.sh_flags & SHF_INFO_LINK) diff --git a/elfutils.spec b/elfutils.spec index 06684a6..ec4fbfc 100644 --- a/elfutils.spec +++ b/elfutils.spec @@ -1,7 +1,7 @@ Name: elfutils Summary: A collection of utilities and DSOs to handle compiled objects Version: 0.163 -%global baserelease 1 +%global baserelease 4 URL: https://fedorahosted.org/elfutils/ %global source_url http://fedorahosted.org/releases/e/l/elfutils/%{version}/ License: GPLv3+ and (GPLv2+ or LGPLv3+) @@ -18,6 +18,7 @@ Group: Development/Tools %global separate_devel_static 1 %global use_zlib 0 %global use_xz 0 +%global provide_yama_scope 0 %if 0%{?rhel} %global portability (%rhel < 6) @@ -32,6 +33,7 @@ Group: Development/Tools %global separate_devel_static (%fedora >= 7) %global use_zlib (%fedora >= 5) %global use_xz (%fedora >= 10) +%global provide_yama_scope (%fedora >= 22) %endif %if %{compat} || %{!?rhel:6}%{?rhel} < 6 
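Review bot: The doc comment kept above sections_match still says "Return true iff the flags, size, and name match", but the flags are now compared with SHF_INFO_LINK masked out for SHT_REL/SHT_RELA sections; I would update it to `/* Return true iff the flags (ignoring SHF_INFO_LINK on relocation sections), size, and name match. */`. In the later hunk that restores the flag, the clause `sec->shdr.sh_flags != shdr_mem.sh_flags` is redundant because OR-ing in a bit that is already set changes nothing. The comment there also needs punctuation: `/* Buggy binutils objdump might have stripped SHF_INFO_LINK; put it back if necessary. */`. The commit message mentions new test files, but this patch carries none, so the relaxed match appears to be unexercised by the package's %check. sections_match and the function containing the restore block continue outside the hunks.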
@@ -46,6 +48,10 @@ Source: %{?source_url}%{name}-%{version}.tar.bz2 Patch1: %{?source_url}elfutils-portability-%{version}.patch +Patch2: elfutils-0.163-unstrip-shf_info_link.patch +Patch3: elfutils-0.163-default-yama-conf.patch +Patch4: elfutils-0.163-readelf-n-undefined-shift.patch + %if !%{compat} Release: %{baserelease}%{?dist} %else @@ -97,6 +103,9 @@ License: GPLv2+ or LGPLv3+ Provides: elfutils-libs%{depsuffix} = %{version}-%{release} %endif Requires: elfutils-libelf%{depsuffix} = %{version}-%{release} +%if %{provide_yama_scope} +Requires: default-yama-scope +%endif %description libs The elfutils-libs package contains libraries which implement DWARF, ELF, @@ -185,6 +194,26 @@ Requires: elfutils-libelf-devel%{depsuffix} = %{version}-%{release} The elfutils-libelf-static package contains the static archive for libelf. +%if %{provide_yama_scope} +%package default-yama-scope +Summary: Default yama attach scope sysctl setting +Group: Development/Tools +License: GPLv2+ or LGPLv3+ +Provides: default-yama-scope +BuildArch: noarch +# For the sysctl_apply macro +BuildRequires: systemd >= 215 + +%description default-yama-scope +Yama sysctl setting to enable default attach scope settings +enabling programs to use ptrace attach, access to +/proc/PID/{mem,personality,stack,syscall}, and the syscalls +process_vm_readv and process_vm_writev which are used for +interprocess services, communication and introspection +(like synchronisation, signaling, debugging, tracing and +profiling) of processes. +%endif + %prep %setup -q @@ -205,6 +234,10 @@ sed -i.scanf-m -e 's/%m/%a/g' src/addr2line.c tests/line2addr.c %endif %endif +%patch2 -p1 -b .shf_info_link +%patch3 -p1 -b .yama_scope +%patch4 -p1 -b .right_shift + find . -name \*.sh ! -perm -0100 -print | xargs chmod +x %build 
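Review bot: The hard `Requires: default-yama-scope` added to elfutils-libs makes lowering kernel.yama.ptrace_scope a side effect of installing anything that depends on these libraries, and neither the Summary nor the %description of the new subpackage says that it relaxes a kernel hardening setting. I would state that in the description, for example `Installing this package sets kernel.yama.ptrace_scope to 0, lowering the kernel default of 1.`, so the change is visible in package metadata and to anyone auditing the host. If the dependency is meant as a convenience rather than a hard requirement, a weak dependency (`Recommends:`) would let hardened systems leave the subpackage out; whether the target rpm supports that is not visible here.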
@@ -246,6 +279,10 @@ chmod +x ${RPM_BUILD_ROOT}%{_prefix}/%{_lib}/elfutils/lib*.so* %find_lang %{name} +%if %{provide_yama_scope} +install -Dm0644 config/10-default-yama-scope.conf ${RPM_BUILD_ROOT}%{_sysctldir}/10-default-yama-scope.conf +%endif + %check make -s %{?_smp_mflags} check || (cat tests/test-suite.log; %{nocheck}) @@ -260,6 +297,11 @@ rm -rf ${RPM_BUILD_ROOT} %postun libelf -p /sbin/ldconfig +%if %{provide_yama_scope} +%post default-yama-scope +%sysctl_apply 10-default-yama-scope.conf +%endif + %files %defattr(-,root,root) %{!?_licensedir:%global license %%doc} @@ -332,7 +374,23 @@ rm -rf ${RPM_BUILD_ROOT} %defattr(-,root,root) %{_libdir}/libelf.a +%if %{provide_yama_scope} +%files default-yama-scope +%defattr(-,root,root) +%config(noreplace) %{_sysctldir}/10-default-yama-scope.conf +%endif + %changelog +* Mon Sep 07 2015 Mark Wielaard - 0.163-4 +- Add elfutils-0.163-readelf-n-undefined-shift.patch (#1259259) + +* Tue Aug 04 2015 Mark Wielaard - 0.163-3 +- Add elfutils-0.163-default-yama-conf.patch (#1250079) + Provides: default-yama-scope + +* Mon Aug 03 2015 Mark Wielaard - 0.163-2 +- Add elfutils-0.163-unstrip-shf_info_link.patch + * Fri Jun 19 2015 Mark Wielaard - 0.163-1 - Update to 0.163 - Drop elfutils-0.162-ftruncate-allocate.patch
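Review bot: The `%post default-yama-scope` scriptlet's `%sysctl_apply 10-default-yama-scope.conf` writes the value into the running kernel at install time using only this one file. As far as I can tell from how the macro invokes systemd-sysctl, a host that sets a stricter scope in a later-sorted sysctl.d file would then run with scope 0 until the next boot or a full sysctl reload. I would add a comment above the scriptlet saying so, e.g. `# Applies only this file now; later-sorted sysctl.d overrides take effect again at next boot.`, or drop the immediate apply and let the setting take effect at boot. The elfutils.spec.in hunk inside elfutils-0.163-default-yama-conf.patch carries the same scriptlet.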
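Review bot: In the `%files default-yama-scope` section the file is marked `%config(noreplace)` although it is installed under `%{_sysctldir}`, which I understand to be the vendor directory (/usr/lib/sysctl.d). That marking invites editing the file in place, whereas local policy conventionally goes in /etc/sysctl.d, where it survives package updates and is easier to audit. I would drop the marker or add a comment such as `# Vendor default; override in /etc/sysctl.d/ rather than editing this file.` The same line appears in the spec.in hunk of elfutils-0.163-default-yama-conf.patch.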