* elf/dl-load.c (_dl_map_object_from_fd): We don't have to allow

	callers from libc anymore.

	* elf/dl-open.c (dl_open_worker): Pass __RTLD_AUDIT flag from caller
	to _dl_map_object_deps.
	* elf/dl-load.c (_dl_map_object_from_fd): Don't change memory
	protections when loading auditing modules.

	* dlfcn/dlopen.c (dlopen_doit): Catch invalid mode arguments and fail.

diff --git a/ChangeLog b/ChangeLog
index df12ad0..4601adf 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
 2005-01-12  Ulrich Drepper  <drepper@redhat.com>
 
+       * elf/dl-load.c (_dl_map_object_from_fd): We don't have to allow
+       callers from libc anymore.
+
+       * elf/dl-open.c (dl_open_worker): Pass __RTLD_AUDIT flag from caller
+       to _dl_map_object_deps.
+       * elf/dl-load.c (_dl_map_object_from_fd): Don't change memory
+       protections when loading auditing modules.
+
+       * dlfcn/dlopen.c (dlopen_doit): Catch invalid mode arguments and fail.
+
        * posix/getconf.c: Update copyright year.
        * nss/getent.c: Likewise.
        * nscd/nscd_nischeck.c: Likewise.

diff --git a/dlfcn/dlopen.c b/dlfcn/dlopen.c
index 1e2111e..bffb512 100644 (file)
--- a/dlfcn/dlopen.c
+++ b/dlfcn/dlopen.c
@@ -1,5 +1,5 @@
 /* Load a shared object at run time.
-   Copyright (C) 1995,96,97,98,99,2000,2003,2004 Free Software Foundation, Inc.
+   Copyright (C) 1995-2000,2003,2004,2005 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -18,6 +18,7 @@
    02111-1307 USA.  */
 
 #include <dlfcn.h>
+#include <libintl.h>
 #include <stddef.h>
 #include <unistd.h>
 #include <ldsodefs.h>
@@ -58,6 +59,10 @@ dlopen_doit (void *a)
 {
   struct dlopen_args *args = (struct dlopen_args *) a;
 
+  if (args->mode & ~(RTLD_BINDING_MASK | RTLD_NOLOAD | RTLD_DEEPBIND
+                    | RTLD_GLOBAL | RTLD_LOCAL | RTLD_NODELETE))
+    GLRO(dl_signal_error) (0, NULL, NULL, _("invalid mode parameter"));
+
   args->new = GLRO(dl_open) (args->file ?: "", args->mode | __RTLD_DLOPEN,
                             args->caller,
                             args->file == NULL ? LM_ID_BASE : NS,

diff --git a/elf/dl-load.c b/elf/dl-load.c
index 363f77b..f74f98f 100644 (file)
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -1359,14 +1359,14 @@ cannot allocate TLS data structures for initial thread");
         protection of the variable which contains the flags used in
         the mprotect calls.  */
 #ifdef HAVE_Z_RELRO
-      if (mode & __RTLD_DLOPEN)
+      if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
        {
          uintptr_t p = ((uintptr_t) &__stack_prot) & ~(GLRO(dl_pagesize) - 1);
          size_t s = (uintptr_t) &__stack_prot - p + sizeof (int);
 
          __mprotect ((void *) p, s, PROT_READ|PROT_WRITE);
          if (__builtin_expect (__check_caller (RETURN_ADDRESS (0),
-                                               allow_ldso|allow_libc) == 0,
+                                               allow_ldso) == 0,
                                0))
            __stack_prot |= PROT_EXEC;
          __mprotect ((void *) p, s, PROT_READ);

diff --git a/elf/dl-open.c b/elf/dl-open.c
index c2cf1db..4de2072 100644 (file)
--- a/elf/dl-open.c
+++ b/elf/dl-open.c
@@ -305,7 +305,7 @@ dl_open_worker (void *a)
 
   /* Load that object's dependencies.  */
   _dl_map_object_deps (new, NULL, 0, 0,
-                      mode & (__RTLD_DLOPEN | RTLD_DEEPBIND));
+                      mode & (__RTLD_DLOPEN | RTLD_DEEPBIND | __RTLD_AUDIT));
 
   /* So far, so good.  Now check the versions.  */
   for (i = 0; i < new->l_searchlist.r_nlist; ++i)