forked from rpms/glibc
160 lines
5.1 KiB
Diff
160 lines
5.1 KiB
Diff
commit d8f7a79335b0d861c12c42aec94c04cd5bb181e2
|
|
Author: Florian Weimer <fweimer@redhat.com>
|
|
Date: Tue May 20 19:36:02 2025 +0200
|
|
|
|
elf: Test case for bug 32976 (CVE-2025-4802)
|
|
|
|
Check that LD_LIBRARY_PATH is ignored for AT_SECURE statically
|
|
linked binaries, using support_capture_subprogram_self_sgid.
|
|
|
|
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
|
|
|
Conflicts:
|
|
elf/Makefile
|
|
((test list differences, link against libdl))
|
|
|
|
diff --git a/elf/Makefile b/elf/Makefile
|
|
index 8ca9f1c13f78216d..38976f195a398abf 100644
|
|
--- a/elf/Makefile
|
|
+++ b/elf/Makefile
|
|
@@ -235,6 +235,7 @@ tests-static-normal := \
|
|
tst-array1-static \
|
|
tst-array5-static \
|
|
tst-dl-iter-static \
|
|
+ tst-dlopen-sgid \
|
|
tst-dst-static \
|
|
tst-env-setuid \
|
|
tst-env-setuid-tunables \
|
|
@@ -726,6 +727,7 @@ modules-names = \
|
|
tst-dlmopen-gethostbyname-mod \
|
|
tst-dlmopen-twice-mod1 \
|
|
tst-dlmopen-twice-mod2 \
|
|
+ tst-dlopen-sgid-mod \
|
|
tst-dlopen-tlsreinitmod1 \
|
|
tst-dlopen-tlsreinitmod2 \
|
|
tst-dlopen-tlsreinitmod3 \
|
|
@@ -2816,3 +2818,6 @@ $(objpfx)tst-dlopen-tlsreinit3.out: $(objpfx)tst-auditmod1.so
|
|
tst-dlopen-tlsreinit3-ENV = LD_AUDIT=$(objpfx)tst-auditmod1.so
|
|
$(objpfx)tst-dlopen-tlsreinit4.out: $(objpfx)tst-auditmod1.so
|
|
tst-dlopen-tlsreinit4-ENV = LD_AUDIT=$(objpfx)tst-auditmod1.so
|
|
+
|
|
+$(objpfx)tst-dlopen-sgid: $(common-objpfx)dlfcn/libdl.a
|
|
+$(objpfx)tst-dlopen-sgid.out: $(objpfx)tst-dlopen-sgid-mod.so
|
|
diff --git a/elf/tst-dlopen-sgid-mod.c b/elf/tst-dlopen-sgid-mod.c
|
|
new file mode 100644
|
|
index 0000000000000000..5eb79eef485da4c9
|
|
--- /dev/null
|
|
+++ b/elf/tst-dlopen-sgid-mod.c
|
|
@@ -0,0 +1 @@
|
|
+/* Opening this object should not succeed. */
|
|
diff --git a/elf/tst-dlopen-sgid.c b/elf/tst-dlopen-sgid.c
|
|
new file mode 100644
|
|
index 0000000000000000..47829a405e90b6b9
|
|
--- /dev/null
|
|
+++ b/elf/tst-dlopen-sgid.c
|
|
@@ -0,0 +1,104 @@
|
|
+/* Test case for ignored LD_LIBRARY_PATH in static startug (bug 32976).
|
|
+ Copyright (C) 2025 Free Software Foundation, Inc.
|
|
+ This file is part of the GNU C Library.
|
|
+
|
|
+ The GNU C Library is free software; you can redistribute it and/or
|
|
+ modify it under the terms of the GNU Lesser General Public
|
|
+ License as published by the Free Software Foundation; either
|
|
+ version 2.1 of the License, or (at your option) any later version.
|
|
+
|
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
+ Lesser General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU Lesser General Public
|
|
+ License along with the GNU C Library; if not, see
|
|
+ <https://www.gnu.org/licenses/>. */
|
|
+
|
|
+#include <dlfcn.h>
|
|
+#include <gnu/lib-names.h>
|
|
+#include <stddef.h>
|
|
+#include <stdint.h>
|
|
+#include <stdlib.h>
|
|
+#include <string.h>
|
|
+#include <support/capture_subprocess.h>
|
|
+#include <support/check.h>
|
|
+#include <support/support.h>
|
|
+#include <support/temp_file.h>
|
|
+#include <unistd.h>
|
|
+
|
|
+/* This is the name of our test object. Use a custom module for
|
|
+ testing, so that this object does not get picked up from the system
|
|
+ path. */
|
|
+static const char dso_name[] = "tst-dlopen-sgid-mod.so";
|
|
+
|
|
+/* Used to mark the recursive invocation. */
|
|
+static const char magic_argument[] = "run-actual-test";
|
|
+
|
|
+static int
|
|
+do_test (void)
|
|
+{
|
|
+/* Pathname of the directory that receives the shared objects this
|
|
+ test attempts to load. */
|
|
+ char *libdir = support_create_temp_directory ("tst-dlopen-sgid-");
|
|
+
|
|
+ /* This is supposed to be ignored and stripped. */
|
|
+ TEST_COMPARE (setenv ("LD_LIBRARY_PATH", libdir, 1), 0);
|
|
+
|
|
+ /* Copy of libc.so.6. */
|
|
+ {
|
|
+ char *from = xasprintf ("%s/%s", support_objdir_root, LIBC_SO);
|
|
+ char *to = xasprintf ("%s/%s", libdir, LIBC_SO);
|
|
+ add_temp_file (to);
|
|
+ support_copy_file (from, to);
|
|
+ free (to);
|
|
+ free (from);
|
|
+ }
|
|
+
|
|
+ /* Copy of the test object. */
|
|
+ {
|
|
+ char *from = xasprintf ("%s/elf/%s", support_objdir_root, dso_name);
|
|
+ char *to = xasprintf ("%s/%s", libdir, dso_name);
|
|
+ add_temp_file (to);
|
|
+ support_copy_file (from, to);
|
|
+ free (to);
|
|
+ free (from);
|
|
+ }
|
|
+
|
|
+ TEST_COMPARE (support_capture_subprogram_self_sgid (magic_argument), 0);
|
|
+
|
|
+ free (libdir);
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static void
|
|
+alternative_main (int argc, char **argv)
|
|
+{
|
|
+ if (argc == 2 && strcmp (argv[1], magic_argument) == 0)
|
|
+ {
|
|
+ if (getgid () == getegid ())
|
|
+ /* This can happen if the file system is mounted nosuid. */
|
|
+ FAIL_UNSUPPORTED ("SGID failed: GID and EGID match (%jd)\n",
|
|
+ (intmax_t) getgid ());
|
|
+
|
|
+ /* Should be removed due to SGID. */
|
|
+ TEST_COMPARE_STRING (getenv ("LD_LIBRARY_PATH"), NULL);
|
|
+
|
|
+ TEST_VERIFY (dlopen (dso_name, RTLD_NOW) == NULL);
|
|
+ {
|
|
+ const char *message = dlerror ();
|
|
+ TEST_COMPARE_STRING (message,
|
|
+ "tst-dlopen-sgid-mod.so:"
|
|
+ " cannot open shared object file:"
|
|
+ " No such file or directory");
|
|
+ }
|
|
+
|
|
+ support_record_failure_barrier ();
|
|
+ exit (EXIT_SUCCESS);
|
|
+ }
|
|
+}
|
|
+
|
|
+#define PREPARE alternative_main
|
|
+#include <support/test-driver.c>
|