From: Marcin Koƛcielnicki Date: Wed, 20 Nov 2019 23:20:15 +0000 (+0100) Subject: rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019... X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2626b15e88e00b5e9c8cc3962cf4768a5344f07a;p=thirdparty%2Fglibc.git rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204] The problem was introduced in glibc 2.23, in commit b9eb92ab05204df772eb4929eccd018637c9f3e9 ("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT"). (cherry picked from commit d5dfad4326fc683c813df1e37bbf5cf920591c8e) Change-Id: Ib782573b4623ee3edfa9f98ad62f69b9d8edcb27 --- diff --git a/NEWS b/NEWS index 5dc41ff3eb0..4ad7c47d5f4 100644 --- a/NEWS +++ b/NEWS @@ -35,6 +35,7 @@ The following bugs are resolved with this release: [24744] io: Remove the copy_file_range emulation [24986] alpha: new getegid, geteuid and getppid syscalls used unconditionally + [25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs Security related changes: diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h index 975cbe2950e..df2cdfdb6b3 100644 --- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h +++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h @@ -31,7 +31,8 @@ environment variable, LD_PREFER_MAP_32BIT_EXEC. */ #define EXTRA_LD_ENVVARS \ case 21: \ - if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ + if (!__libc_enable_secure \ + && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \ |= bit_arch_Prefer_MAP_32BIT_EXEC; \ break;