OS-1364 local auditors specifying LA_FLG_BINDTO miss bindings via elf_bndr()
commit eacaebb5596d5ce236b6af1e1a9785f7297498c8 1 parent 9e2c152
Bryan Cantrill authored July 02, 2012
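--- a/usr/src/cmd/sgs/rtld/amd64/amd64_elf.c
+++ b/usr/src/cmd/sgs/rtld/amd64/amd64_elf.c
@@ -21,6 +21,7 @@
 
 /*
  * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Joyent, Inc. All rights reserved.
  */
 
 /*
@@ -297,7 +298,8 @@ elf_bndr(Rt_map *lmp, ulong_t pltndx, caddr_t from)
 			rtldexit(lml, 1);
 	}
 
-	if ((lml->lm_tflags | AFLAGS(lmp)) & LML_TFLG_AUD_SYMBIND) {
+	if ((lml->lm_tflags | AFLAGS(lmp) | AFLAGS(nlmp)) &
+	    LML_TFLG_AUD_SYMBIND) {
 		uint_t	symndx = (((uintptr_t)nsym -
 		    (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp));
 		symval = audit_symbind(lmp, nlmp, nsym, symndx, symval,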
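Review bot: The widened test in elf_bndr has no comment saying why the destination object's audit flags are now consulted, and the same three-way OR is repeated in the i386, sparc and sparcv9 elf_bndr hunks and in dlsym_core. Because the value returned by audit_symbind() is assigned to symval, this condition decides which auditors may alter a bound address, so its intent belongs next to it, for example `/* Also notify local auditors of the bound-to object (LA_FLG_BINDTO). */`. A small shared macro for the test would keep the five call sites from drifting apart. elf_bndr starts and ends outside the hunk.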
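--- a/usr/src/cmd/sgs/rtld/common/dlfcns.c
+++ b/usr/src/cmd/sgs/rtld/common/dlfcns.c
@@ -24,6 +24,7 @@
  *	  All Rights Reserved
  *
  * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Joyent, Inc. All rights reserved.
  */
 
 /*
@@ -1390,7 +1391,8 @@ dlsym_core(void *handle, const char *name, Rt_map *clmp, Rt_map **dlmp,
 		DBG_CALL(Dbg_bind_global(clmp, 0, 0, (Xword)-1, PLT_T_NONE,
 		    *dlmp, addr, sym->st_value, sr.sr_name, binfo));
 
-		if ((lml->lm_tflags | AFLAGS(clmp)) & LML_TFLG_AUD_SYMBIND) {
+		if ((lml->lm_tflags | AFLAGS(clmp) | AFLAGS(*dlmp)) &
+		    LML_TFLG_AUD_SYMBIND) {
 			uint_t	sb_flags = LA_SYMB_DLSYM;
 			/* LINTED */
 			uint_t	symndx = (uint_t)(((Xword)sym -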
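Review bot: `AFLAGS(*dlmp)` in the new condition reads through `*dlmp` on every call that reaches this test, whether or not any auditing is enabled, whereas the old condition touched only lml and clmp. The hunk does not show where `*dlmp` is set; presumably the successful lookup earlier in dlsym_core guarantees it is non-NULL here, but that is worth confirming. If it holds, record the assumption beside the test with a comment such as `/* *dlmp is the object defining sym, set by the lookup above */`. dlsym_core starts and ends outside the hunk.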
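--- a/usr/src/cmd/sgs/rtld/i386/i386_elf.c
+++ b/usr/src/cmd/sgs/rtld/i386/i386_elf.c
@@ -24,6 +24,7 @@
  *	  All Rights Reserved
  *
  * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Joyent, Inc. All rights reserved.
  */
 
 /*
@@ -276,7 +277,8 @@ elf_bndr(Rt_map *lmp, ulong_t reloff, caddr_t from)
 			rtldexit(lml, 1);
 	}
 
-	if ((lml->lm_tflags | AFLAGS(lmp)) & LML_TFLG_AUD_SYMBIND) {
+	if ((lml->lm_tflags | AFLAGS(lmp) | AFLAGS(nlmp)) &
+	    LML_TFLG_AUD_SYMBIND) {
 		uint_t	symndx = (((uintptr_t)nsym -
 		    (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp));
 		symval = audit_symbind(lmp, nlmp, nsym, symndx, symval,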
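--- a/usr/src/cmd/sgs/rtld/sparc/sparc_elf.c
+++ b/usr/src/cmd/sgs/rtld/sparc/sparc_elf.c
@@ -24,6 +24,7 @@
  *	  All Rights Reserved
  *
  * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Joyent, Inc. All rights reserved.
  */
 
 /*
@@ -448,7 +449,8 @@ elf_bndr(Rt_map *lmp, ulong_t pltoff, caddr_t from)
 			rtldexit(lml, 1);
 	}
 
-	if ((lml->lm_tflags | AFLAGS(lmp)) & LML_TFLG_AUD_SYMBIND) {
+	if ((lml->lm_tflags | AFLAGS(lmp) | AFLAGS(nlmp)) &
+	    LML_TFLG_AUD_SYMBIND) {
 		ulong_t	symndx = (((uintptr_t)nsym -
 		    (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp));
 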
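--- a/usr/src/cmd/sgs/rtld/sparcv9/sparc_elf.c
+++ b/usr/src/cmd/sgs/rtld/sparcv9/sparc_elf.c
@@ -21,6 +21,7 @@
 
 /*
  * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Joyent, Inc. All rights reserved.
  */
 
 /*
@@ -589,7 +590,8 @@ elf_bndr(Rt_map *lmp, ulong_t pltoff, caddr_t from)
 			rtldexit(lml, 1);
 	}
 
-	if ((lml->lm_tflags | AFLAGS(lmp)) & LML_TFLG_AUD_SYMBIND) {
+	if ((lml->lm_tflags | AFLAGS(lmp) | AFLAGS(nlmp)) &
+	    LML_TFLG_AUD_SYMBIND) {
 		/* LINTED */
 		uint_t	symndx = (uint_t)(((uintptr_t)nsym -
 		    (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp));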
