glibc/glibc-rh1276761-1.patch

commit a014cecd82b71b70a6a843e250e06b541ad524f7
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Oct 15 09:23:07 2015 +0200

    Always enable pointer guard [BZ #18928]
    
    Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode
    has security implications.  This commit enables pointer guard
    unconditionally, and the environment variable is now ignored.
    
Index: b/elf/rtld.c
===================================================================
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -160,7 +160,6 @@ struct rtld_global_ro _rtld_global_ro at
     ._dl_hwcap_mask = HWCAP_IMPORTANT,
     ._dl_lazy = 1,
     ._dl_fpu_control = _FPU_DEFAULT,
-    ._dl_pointer_guard = 1,
     ._dl_pagesize = EXEC_PAGESIZE,
     ._dl_inhibit_cache = 0,
 
@@ -707,15 +706,12 @@ security_init (void)
 #endif
 
   /* Set up the pointer guard as well, if necessary.  */
-  if (GLRO(dl_pointer_guard))
-    {
-      uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
-							     stack_chk_guard);
+  uintptr_t pointer_chk_guard
+    = _dl_setup_pointer_guard (_dl_random, stack_chk_guard);
 #ifdef THREAD_SET_POINTER_GUARD
-      THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+  THREAD_SET_POINTER_GUARD (pointer_chk_guard);
 #endif
-      __pointer_chk_guard_local = pointer_chk_guard;
-    }
+  __pointer_chk_guard_local = pointer_chk_guard;
 
   /* We do not need the _dl_random value anymore.  The less
      information we leave behind, the better, so clear the
@@ -2467,9 +2463,6 @@ process_envvars (enum mode *modep)
 	      GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;
 	      break;
 	    }
-
-	  if (memcmp (envline, "POINTER_GUARD", 13) == 0)
-	    GLRO(dl_pointer_guard) = envline[14] != '0';
 	  break;
 
 	case 14:
Index: b/sysdeps/generic/ldsodefs.h
===================================================================
--- a/sysdeps/generic/ldsodefs.h
+++ b/sysdeps/generic/ldsodefs.h
@@ -592,9 +592,6 @@ struct rtld_global_ro
   /* List of auditing interfaces.  */
   struct audit_ifaces *_dl_audit;
   unsigned int _dl_naudit;
-
-  /* 0 if internal pointer values should not be guarded, 1 if they should.  */
-  EXTERN int _dl_pointer_guard;
 };
 # define __rtld_global_attribute__
 # if IS_IN (rtld)
Resolves: #1276761 Apply additional pointer guard hardening. 2015-12-05 14:06:23 +00:00			`commit a014cecd82b71b70a6a843e250e06b541ad524f7`
			`Author: Florian Weimer <fweimer@redhat.com>`
			`Date: Thu Oct 15 09:23:07 2015 +0200`

			`Always enable pointer guard [BZ #18928]`

			`Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode`
			`has security implications. This commit enables pointer guard`
			`unconditionally, and the environment variable is now ignored.`

			`Index: b/elf/rtld.c`
			`===================================================================`
			`--- a/elf/rtld.c`
			`+++ b/elf/rtld.c`
			`@@ -160,7 +160,6 @@ struct rtld_global_ro _rtld_global_ro at`
			`._dl_hwcap_mask = HWCAP_IMPORTANT,`
			`._dl_lazy = 1,`
			`._dl_fpu_control = _FPU_DEFAULT,`
			`- ._dl_pointer_guard = 1,`
			`._dl_pagesize = EXEC_PAGESIZE,`
			`._dl_inhibit_cache = 0,`

			`@@ -707,15 +706,12 @@ security_init (void)`
			`#endif`

			`/* Set up the pointer guard as well, if necessary. */`
			`- if (GLRO(dl_pointer_guard))`
			`- {`
			`- uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,`
			`- stack_chk_guard);`
			`+ uintptr_t pointer_chk_guard`
			`+ = _dl_setup_pointer_guard (_dl_random, stack_chk_guard);`
			`#ifdef THREAD_SET_POINTER_GUARD`
			`- THREAD_SET_POINTER_GUARD (pointer_chk_guard);`
			`+ THREAD_SET_POINTER_GUARD (pointer_chk_guard);`
			`#endif`
			`- __pointer_chk_guard_local = pointer_chk_guard;`
			`- }`
			`+ __pointer_chk_guard_local = pointer_chk_guard;`

			`/* We do not need the _dl_random value anymore. The less`
			`information we leave behind, the better, so clear the`
			`@@ -2467,9 +2463,6 @@ process_envvars (enum mode *modep)`
			`GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;`
			`break;`
			`}`
			`-`
			`- if (memcmp (envline, "POINTER_GUARD", 13) == 0)`
			`- GLRO(dl_pointer_guard) = envline[14] != '0';`
			`break;`

			`case 14:`
			`Index: b/sysdeps/generic/ldsodefs.h`
			`===================================================================`
			`--- a/sysdeps/generic/ldsodefs.h`
			`+++ b/sysdeps/generic/ldsodefs.h`
			`@@ -592,9 +592,6 @@ struct rtld_global_ro`
			`/* List of auditing interfaces. */`
			`struct audit_ifaces *_dl_audit;`
			`unsigned int _dl_naudit;`
			`-`
			`- /* 0 if internal pointer values should not be guarded, 1 if they should. */`
			`- EXTERN int _dl_pointer_guard;`
			`};`
			`# define __rtld_global_attribute__`
			`# if IS_IN (rtld)`