diff options
| author | Bryan Cantrill <bryan@joyent.com> | 2012-07-02 07:02:20 +0000 |
|---|---|---|
| committer | Robert Mustacchi <rm@joyent.com> | 2013-10-17 09:55:13 -0700 |
| commit | 38f4bddda7216cf3550c325e8cabe56d08a2bce9 (patch) | |
| tree | 8300e9b4870ab8cba61cf9a921a4edd39df68f9b | |
| parent | 7de6f2c04fea77fcbe76d99f76a808428157de2d (diff) | |
| download | illumos-joyent-38f4bddda7216cf3550c325e8cabe56d08a2bce9.tar.gz | |
3669 for local auditors, LA_FLG_BINDTO does not audit all symbol bindings
Reviewed by: Adam Leventhal <ahl@delphix.com>
Reviewed by: Dan McDonald <danmcd@nexenta.com>
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Approved by: Gordon Ross <gwr@nexenta.com>
| -rw-r--r-- | usr/src/cmd/sgs/rtld/amd64/amd64_elf.c | 4 | ||||
| -rw-r--r-- | usr/src/cmd/sgs/rtld/common/audit.c | 30 | ||||
| -rw-r--r-- | usr/src/cmd/sgs/rtld/common/dlfcns.c | 4 | ||||
| -rw-r--r-- | usr/src/cmd/sgs/rtld/i386/i386_elf.c | 4 | ||||
| -rw-r--r-- | usr/src/cmd/sgs/rtld/sparc/sparc_elf.c | 4 | ||||
| -rw-r--r-- | usr/src/cmd/sgs/rtld/sparcv9/sparc_elf.c | 4 |
6 files changed, 36 insertions, 14 deletions
diff --git a/usr/src/cmd/sgs/rtld/amd64/amd64_elf.c b/usr/src/cmd/sgs/rtld/amd64/amd64_elf.c index a6ac1a7c50..ddc44484a6 100644 --- a/usr/src/cmd/sgs/rtld/amd64/amd64_elf.c +++ b/usr/src/cmd/sgs/rtld/amd64/amd64_elf.c @@ -21,6 +21,7 @@ /* * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, Joyent, Inc. All rights reserved. */ /* @@ -297,7 +298,8 @@ elf_bndr(Rt_map *lmp, ulong_t pltndx, caddr_t from) rtldexit(lml, 1); } - if ((lml->lm_tflags | AFLAGS(lmp)) & LML_TFLG_AUD_SYMBIND) { + if ((lml->lm_tflags | AFLAGS(lmp) | AFLAGS(nlmp)) & + LML_TFLG_AUD_SYMBIND) { uint_t symndx = (((uintptr_t)nsym - (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp)); symval = audit_symbind(lmp, nlmp, nsym, symndx, symval, diff --git a/usr/src/cmd/sgs/rtld/common/audit.c b/usr/src/cmd/sgs/rtld/common/audit.c index 9d2fd0b9d8..723bc9a292 100644 --- a/usr/src/cmd/sgs/rtld/common/audit.c +++ b/usr/src/cmd/sgs/rtld/common/audit.c @@ -21,6 +21,7 @@ /* * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, Joyent, Inc. All rights reserved. * * Audit interfaces. Auditing can be enabled in two ways: * @@ -986,19 +987,23 @@ _audit_symbind(APlist *list, Rt_map *rlmp, Rt_map *dlmp, Sym *sym, uint_t ndx, if (alp->al_symbind == 0) continue; - if ((racp = _audit_client(AUDINFO(rlmp), almp)) == NULL) + + if ((racp = _audit_client(AUDINFO(rlmp), almp)) != NULL && + (racp->ac_flags & FLG_AC_BINDFROM) == 0) continue; + if ((dacp = _audit_client(AUDINFO(dlmp), almp)) == NULL) continue; - if (((racp->ac_flags & FLG_AC_BINDFROM) == 0) || - ((dacp->ac_flags & FLG_AC_BINDTO) == 0)) + + if ((dacp->ac_flags & FLG_AC_BINDTO) == 0) continue; /* - * The la_symbind interface is only called when the calling - * object has been identified as BINDFROM, and the destination - * object has been identified as BINDTO. Use a local version of - * the flags, so that any user update can be collected. + * The la_symbind interface is only called when the destination + * object has been identified as BINDTO and either the + * destination object is being locally audited or the calling + * object has been identified as BINDFROM. Use a local version + * of the flags, so that any user update can be collected. */ (*called)++; lflags = (oflags & ~(LA_SYMB_NOPLTENTER | LA_SYMB_NOPLTEXIT)); @@ -1007,8 +1012,8 @@ _audit_symbind(APlist *list, Rt_map *rlmp, Rt_map *dlmp, Sym *sym, uint_t ndx, alp->al_libname, name, ovalue, oflags)); leave(alml, thr_flg_reenter); - sym->st_value = (*alp->al_symbind)(sym, ndx, - &(racp->ac_cookie), &(dacp->ac_cookie), + sym->st_value = (*alp->al_symbind)(sym, ndx, racp == NULL ? + NULL : &(racp->ac_cookie), &(dacp->ac_cookie), /* BEGIN CSTYLED */ #if defined(_ELF64) &lflags, name); @@ -1065,10 +1070,17 @@ audit_symbind(Rt_map *rlmp, Rt_map *dlmp, Sym *sym, uint_t ndx, Addr value, if (auditors && (auditors->ad_flags & LML_TFLG_AUD_SYMBIND)) nsym.st_value = _audit_symbind(auditors->ad_list, rlmp, dlmp, &nsym, ndx, flags, &called); + if (AUDITORS(rlmp) && (AUDITORS(rlmp)->ad_flags & LML_TFLG_AUD_SYMBIND)) nsym.st_value = _audit_symbind(AUDITORS(rlmp)->ad_list, rlmp, dlmp, &nsym, ndx, flags, &called); + if (dlmp != rlmp && AUDITORS(dlmp) && + (AUDITORS(dlmp)->ad_flags & LML_TFLG_AUD_SYMBIND)) { + nsym.st_value = _audit_symbind(AUDITORS(dlmp)->ad_list, + rlmp, dlmp, &nsym, ndx, flags, &called); + } + /* * If no la_symbind() was called for this interface, fabricate that no * la_pltenter, or la_pltexit is required. This helps reduce the glue diff --git a/usr/src/cmd/sgs/rtld/common/dlfcns.c b/usr/src/cmd/sgs/rtld/common/dlfcns.c index a8aaf3805e..74432c1686 100644 --- a/usr/src/cmd/sgs/rtld/common/dlfcns.c +++ b/usr/src/cmd/sgs/rtld/common/dlfcns.c @@ -24,6 +24,7 @@ * All Rights Reserved * * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, Joyent, Inc. All rights reserved. */ /* @@ -1390,7 +1391,8 @@ dlsym_core(void *handle, const char *name, Rt_map *clmp, Rt_map **dlmp, DBG_CALL(Dbg_bind_global(clmp, 0, 0, (Xword)-1, PLT_T_NONE, *dlmp, addr, sym->st_value, sr.sr_name, binfo)); - if ((lml->lm_tflags | AFLAGS(clmp)) & LML_TFLG_AUD_SYMBIND) { + if ((lml->lm_tflags | AFLAGS(clmp) | AFLAGS(*dlmp)) & + LML_TFLG_AUD_SYMBIND) { uint_t sb_flags = LA_SYMB_DLSYM; /* LINTED */ uint_t symndx = (uint_t)(((Xword)sym - diff --git a/usr/src/cmd/sgs/rtld/i386/i386_elf.c b/usr/src/cmd/sgs/rtld/i386/i386_elf.c index f1320605dd..4bf825e4d9 100644 --- a/usr/src/cmd/sgs/rtld/i386/i386_elf.c +++ b/usr/src/cmd/sgs/rtld/i386/i386_elf.c @@ -24,6 +24,7 @@ * All Rights Reserved * * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, Joyent, Inc. All rights reserved. */ /* @@ -276,7 +277,8 @@ elf_bndr(Rt_map *lmp, ulong_t reloff, caddr_t from) rtldexit(lml, 1); } - if ((lml->lm_tflags | AFLAGS(lmp)) & LML_TFLG_AUD_SYMBIND) { + if ((lml->lm_tflags | AFLAGS(lmp) | AFLAGS(nlmp)) & + LML_TFLG_AUD_SYMBIND) { uint_t symndx = (((uintptr_t)nsym - (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp)); symval = audit_symbind(lmp, nlmp, nsym, symndx, symval, diff --git a/usr/src/cmd/sgs/rtld/sparc/sparc_elf.c b/usr/src/cmd/sgs/rtld/sparc/sparc_elf.c index dff287349d..4387276e26 100644 --- a/usr/src/cmd/sgs/rtld/sparc/sparc_elf.c +++ b/usr/src/cmd/sgs/rtld/sparc/sparc_elf.c @@ -24,6 +24,7 @@ * All Rights Reserved * * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, Joyent, Inc. All rights reserved. */ /* @@ -448,7 +449,8 @@ elf_bndr(Rt_map *lmp, ulong_t pltoff, caddr_t from) rtldexit(lml, 1); } - if ((lml->lm_tflags | AFLAGS(lmp)) & LML_TFLG_AUD_SYMBIND) { + if ((lml->lm_tflags | AFLAGS(lmp) | AFLAGS(nlmp)) & + LML_TFLG_AUD_SYMBIND) { ulong_t symndx = (((uintptr_t)nsym - (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp)); diff --git a/usr/src/cmd/sgs/rtld/sparcv9/sparc_elf.c b/usr/src/cmd/sgs/rtld/sparcv9/sparc_elf.c index 66e30f2ba6..1a719329da 100644 --- a/usr/src/cmd/sgs/rtld/sparcv9/sparc_elf.c +++ b/usr/src/cmd/sgs/rtld/sparcv9/sparc_elf.c @@ -21,6 +21,7 @@ /* * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, Joyent, Inc. All rights reserved. */ /* @@ -589,7 +590,8 @@ elf_bndr(Rt_map *lmp, ulong_t pltoff, caddr_t from) rtldexit(lml, 1); } - if ((lml->lm_tflags | AFLAGS(lmp)) & LML_TFLG_AUD_SYMBIND) { + if ((lml->lm_tflags | AFLAGS(lmp) | AFLAGS(nlmp)) & + LML_TFLG_AUD_SYMBIND) { /* LINTED */ uint_t symndx = (uint_t)(((uintptr_t)nsym - (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp)); |