Remove kern.elf32.can_exec_dyn sysctl. Instead extend Brandinfo structure

with flags bitfield and set BI_CAN_EXEC_DYN flag for all brands that usually allow executing elf dynamic binaries (aka shared libraries). When it is requested to execute ET_DYN elf image check if this flag is on after we know the elf brand allowing execution if so. PR: kern/87615 Submitted by: Marcin Koziej <creep@desk.pl>
author: sobomax <sobomax@FreeBSD.org> 2005-12-26 21:23:57 +0000
committer: sobomax <sobomax@FreeBSD.org> 2005-12-26 21:23:57 +0000
commit: 34fa5a81a54eaa10eb4a68d7f7e3345ece4f9e28 (patch)
tree: 915d25cef97f2d33bc2aa9fb449ee4c0faa7722d /sys
parent: b9da93266fdc570180552a109592b65aedf45357 (diff)
download: FreeBSD-src-34fa5a81a54eaa10eb4a68d7f7e3345ece4f9e28.zip
FreeBSD-src-34fa5a81a54eaa10eb4a68d7f7e3345ece4f9e28.tar.gz
13 files changed, 34 insertions, 7 deletions
diff --git a/sys/alpha/alpha/elf_machdep.c b/sys/alpha/alpha/elf_machdep.c
index 6a3c060..88b665a 100644
--- a/sys/alpha/alpha/elf_machdep.c
+++ b/sys/alpha/alpha/elf_machdep.c
@@ -85,6 +85,7 @@ static Elf64_Brandinfo freebsd_brand_info = {
 						"/libexec/ld-elf.so.1",
 						&elf64_freebsd_sysvec,
 						NULL,
+						0,
 					  };
 
 SYSINIT(elf64, SI_SUB_EXEC, SI_ORDER_ANY,
@@ -99,6 +100,7 @@ static Elf64_Brandinfo freebsd_brand_oinfo = {
 						"/usr/libexec/ld-elf.so.1",
 						&elf64_freebsd_sysvec,
 						NULL,
+						0,
 					  };
 
 SYSINIT(oelf64, SI_SUB_EXEC, SI_ORDER_ANY,
diff --git a/sys/alpha/linux/linux_sysvec.c b/sys/alpha/linux/linux_sysvec.c
index 4ec2957..61f7875 100644
--- a/sys/alpha/linux/linux_sysvec.c
+++ b/sys/alpha/linux/linux_sysvec.c
@@ -208,6 +208,7 @@ static Elf64_Brandinfo linux_brand = {
 					"/lib/ld-linux.so.1",
 					&elf_linux_sysvec,
 					NULL,
+					BI_CAN_EXEC_DYN,
 				 };
 
 static Elf64_Brandinfo linux_glibc2brand = {
@@ -218,6 +219,7 @@ static Elf64_Brandinfo linux_glibc2brand = {
 					"/lib/ld-linux.so.2",
 					&elf_linux_sysvec,
 					NULL,
+					BI_CAN_EXEC_DYN,
 				 };
 
 Elf64_Brandinfo *linux_brandlist[] = {
diff --git a/sys/amd64/amd64/elf_machdep.c b/sys/amd64/amd64/elf_machdep.c
index 0c4a0cc..cb5694d 100644
--- a/sys/amd64/amd64/elf_machdep.c
+++ b/sys/amd64/amd64/elf_machdep.c
@@ -82,6 +82,7 @@ static Elf64_Brandinfo freebsd_brand_info = {
 						"/libexec/ld-elf.so.1",
 						&elf64_freebsd_sysvec,
 						NULL,
+						0,
 					  };
 
 SYSINIT(elf64, SI_SUB_EXEC, SI_ORDER_ANY,
@@ -96,6 +97,7 @@ static Elf64_Brandinfo freebsd_brand_oinfo = {
 						"/usr/libexec/ld-elf.so.1",
 						&elf64_freebsd_sysvec,
 						NULL,
+						0,
 					  };
 
 SYSINIT(oelf64, SI_SUB_EXEC, SI_ORDER_ANY,
diff --git a/sys/amd64/linux32/linux32_sysvec.c b/sys/amd64/linux32/linux32_sysvec.c
index c69b531..31d2cb8 100644
--- a/sys/amd64/linux32/linux32_sysvec.c
+++ b/sys/amd64/linux32/linux32_sysvec.c
@@ -1026,6 +1026,7 @@ static Elf32_Brandinfo linux_brand = {
 					"/lib/ld-linux.so.1",
 					&elf_linux_sysvec,
 					NULL,
+					BI_CAN_EXEC_DYN,
 				 };
 
 static Elf32_Brandinfo linux_glibc2brand = {
@@ -1036,6 +1037,7 @@ static Elf32_Brandinfo linux_glibc2brand = {
 					"/lib/ld-linux.so.2",
 					&elf_linux_sysvec,
 					NULL,
+					BI_CAN_EXEC_DYN,
 				 };
 
 Elf32_Brandinfo *linux_brandlist[] = {
diff --git a/sys/arm/arm/elf_machdep.c b/sys/arm/arm/elf_machdep.c
index 496b975..749a849 100644
--- a/sys/arm/arm/elf_machdep.c
+++ b/sys/arm/arm/elf_machdep.c
@@ -82,6 +82,7 @@ static Elf32_Brandinfo freebsd_brand_info = {
 						"/libexec/ld-elf.so.1",
 						&elf32_freebsd_sysvec,
 						NULL,
+						0,
 					  };
 
 SYSINIT(elf32, SI_SUB_EXEC, SI_ORDER_ANY,
@@ -96,6 +97,7 @@ static Elf32_Brandinfo freebsd_brand_oinfo = {
 						"/usr/libexec/ld-elf.so.1",
 						&elf32_freebsd_sysvec,
 						NULL,
+						0,
 					  };
 
 SYSINIT(oelf32, SI_SUB_EXEC, SI_ORDER_ANY,
diff --git a/sys/compat/ia32/ia32_sysvec.c b/sys/compat/ia32/ia32_sysvec.c
index a18163b..ede511d 100644
--- a/sys/compat/ia32/ia32_sysvec.c
+++ b/sys/compat/ia32/ia32_sysvec.c
@@ -137,6 +137,7 @@ static Elf32_Brandinfo ia32_brand_info = {
 						"/libexec/ld-elf.so.1",
 						&ia32_freebsd_sysvec,
 						"/libexec/ld-elf32.so.1",
+						0,
 					  };
 
 SYSINIT(ia32, SI_SUB_EXEC, SI_ORDER_ANY,
@@ -151,6 +152,7 @@ static Elf32_Brandinfo ia32_brand_oinfo = {
 						"/usr/libexec/ld-elf.so.1",
 						&ia32_freebsd_sysvec,
 						"/libexec/ld-elf32.so.1",
+						0,
 					  };
 
 SYSINIT(oia32, SI_SUB_EXEC, SI_ORDER_ANY,
diff --git a/sys/i386/i386/elf_machdep.c b/sys/i386/i386/elf_machdep.c
index d8756cc..2b3ffb4 100644
--- a/sys/i386/i386/elf_machdep.c
+++ b/sys/i386/i386/elf_machdep.c
@@ -82,6 +82,7 @@ static Elf32_Brandinfo freebsd_brand_info = {
 						"/libexec/ld-elf.so.1",
 						&elf32_freebsd_sysvec,
 						NULL,
+						0,
 					  };
 
 SYSINIT(elf32, SI_SUB_EXEC, SI_ORDER_ANY,
@@ -96,6 +97,7 @@ static Elf32_Brandinfo freebsd_brand_oinfo = {
 						"/usr/libexec/ld-elf.so.1",
 						&elf32_freebsd_sysvec,
 						NULL,
+						0,
 					  };
 
 SYSINIT(oelf32, SI_SUB_EXEC, SI_ORDER_ANY,
diff --git a/sys/i386/linux/linux_sysvec.c b/sys/i386/linux/linux_sysvec.c
index f28371d..1335f9a 100644
--- a/sys/i386/linux/linux_sysvec.c
+++ b/sys/i386/linux/linux_sysvec.c
@@ -868,6 +868,7 @@ static Elf32_Brandinfo linux_brand = {
 					"/lib/ld-linux.so.1",
 					&elf_linux_sysvec,
 					NULL,
+					BI_CAN_EXEC_DYN,
 				 };
 
 static Elf32_Brandinfo linux_glibc2brand = {
@@ -878,6 +879,7 @@ static Elf32_Brandinfo linux_glibc2brand = {
 					"/lib/ld-linux.so.2",
 					&elf_linux_sysvec,
 					NULL,
+					BI_CAN_EXEC_DYN,
 				 };
 
 Elf32_Brandinfo *linux_brandlist[] = {
diff --git a/sys/ia64/ia64/elf_machdep.c b/sys/ia64/ia64/elf_machdep.c
index ccd5083..64f8250 100644
--- a/sys/ia64/ia64/elf_machdep.c
+++ b/sys/ia64/ia64/elf_machdep.c
@@ -90,6 +90,7 @@ static Elf64_Brandinfo freebsd_brand_info = {
 	"/libexec/ld-elf.so.1",
 	&elf64_freebsd_sysvec,
 	NULL,
+	0,
 };
 SYSINIT(elf64, SI_SUB_EXEC, SI_ORDER_ANY,
     (sysinit_cfunc_t)elf64_insert_brand_entry, &freebsd_brand_info);
@@ -102,6 +103,7 @@ static Elf64_Brandinfo freebsd_brand_oinfo = {
 	"/usr/libexec/ld-elf.so.1",
 	&elf64_freebsd_sysvec,
 	NULL,
+	0,
 };
 SYSINIT(oelf64, SI_SUB_EXEC, SI_ORDER_ANY,
     (sysinit_cfunc_t)elf64_insert_brand_entry, &freebsd_brand_oinfo);
diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
index ce80f8b..5047d41 100644
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -97,11 +97,6 @@ SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
 TUNABLE_INT("kern.elf" __XSTRING(__ELF_WORD_SIZE) ".fallback_brand",
     &__elfN(fallback_brand));
 
-int __elfN(can_exec_dyn) = 0;
-SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
-	can_exec_dyn, CTLFLAG_RW, &__elfN(can_exec_dyn), 0, 
-	__XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) " can exec shared libraries");
-
 static int elf_trace = 0;
 SYSCTL_INT(_debug, OID_AUTO, __elfN(trace), CTLFLAG_RW, &elf_trace, 0, "");
 
@@ -619,9 +614,12 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
 
 	/*
 	 * Do we have a valid ELF header ?
+	 *
+	 * Only allow ET_EXEC & ET_DYN here, reject ET_DYN later
+	 * if particular brand doesn't support it.
 	 */
-	if (__elfN(check_header)(hdr) != 0 || (hdr->e_type != ET_EXEC
-	&& (!__elfN(can_exec_dyn) || hdr->e_type != ET_DYN)))
+	if (__elfN(check_header)(hdr) != 0 ||
+	    (hdr->e_type != ET_EXEC && hdr->e_type != ET_DYN))
 		return (-1);
 
 	/*
@@ -654,6 +652,11 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
 		    hdr->e_ident[EI_OSABI]);
 		return (ENOEXEC);
 	}
+	if (hdr->e_type == ET_DYN &&
+	    (brand_info->flags & BI_CAN_EXEC_DYN) == 0) {
+		error = ENOEXEC;
+		goto fail;
+	}
 	sv = brand_info->sysvec;
 	if (interp != NULL && brand_info->interp_newpath != NULL)
 		interp = brand_info->interp_newpath;
diff --git a/sys/powerpc/powerpc/elf_machdep.c b/sys/powerpc/powerpc/elf_machdep.c
index 6063e7b..be979b3 100644
--- a/sys/powerpc/powerpc/elf_machdep.c
+++ b/sys/powerpc/powerpc/elf_machdep.c
@@ -85,6 +85,7 @@ static Elf32_Brandinfo freebsd_brand_info = {
 						"/libexec/ld-elf.so.1",
 						&elf32_freebsd_sysvec,
 						NULL,
+						0,
 					  };
 
 SYSINIT(elf32, SI_SUB_EXEC, SI_ORDER_ANY,
@@ -99,6 +100,7 @@ static Elf32_Brandinfo freebsd_brand_oinfo = {
 						"/usr/libexec/ld-elf.so.1",
 						&elf32_freebsd_sysvec,
 						NULL,
+						0,
 					  };
 
 SYSINIT(oelf32, SI_SUB_EXEC, SI_ORDER_ANY,
diff --git a/sys/sparc64/sparc64/elf_machdep.c b/sys/sparc64/sparc64/elf_machdep.c
index b113afe..1b9bbc2 100644
--- a/sys/sparc64/sparc64/elf_machdep.c
+++ b/sys/sparc64/sparc64/elf_machdep.c
@@ -95,6 +95,7 @@ static Elf64_Brandinfo freebsd_brand_info = {
 						"/libexec/ld-elf.so.1",
 						&elf64_freebsd_sysvec,
 						NULL,
+						0,
 					  };
 
 SYSINIT(elf64, SI_SUB_EXEC, SI_ORDER_ANY,
@@ -109,6 +110,7 @@ static Elf64_Brandinfo freebsd_brand_oinfo = {
 						"/usr/libexec/ld-elf.so.1",
 						&elf64_freebsd_sysvec,
 						NULL,
+						0,
 					  };
 
 SYSINIT(oelf64, SI_SUB_EXEC, SI_ORDER_ANY,
diff --git a/sys/sys/imgact_elf.h b/sys/sys/imgact_elf.h
index 8bb4cc2..663a090 100644
--- a/sys/sys/imgact_elf.h
+++ b/sys/sys/imgact_elf.h
@@ -63,6 +63,8 @@ typedef struct {
 	const char *interp_path;
 	struct sysentvec *sysvec;
 	const char *interp_newpath;
+        int flags;
+#define		BI_CAN_EXEC_DYN	0x0001
 } __ElfN(Brandinfo);
 
 __ElfType(Auxargs);
author	sobomax <sobomax@FreeBSD.org>	2005-12-26 21:23:57 +0000
committer	sobomax <sobomax@FreeBSD.org>	2005-12-26 21:23:57 +0000
commit	34fa5a81a54eaa10eb4a68d7f7e3345ece4f9e28 (patch)
tree	915d25cef97f2d33bc2aa9fb449ee4c0faa7722d /sys
parent	b9da93266fdc570180552a109592b65aedf45357 (diff)
download	FreeBSD-src-34fa5a81a54eaa10eb4a68d7f7e3345ece4f9e28.zip FreeBSD-src-34fa5a81a54eaa10eb4a68d7f7e3345ece4f9e28.tar.gz