Skip to content

glibc: add optional dlopen wrapper to unset RTLD_DEEPBIND #283

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Androbin wants to merge 1 commit into
base: main
Choose a base branch
from
Open

glibc: add optional dlopen wrapper to unset RTLD_DEEPBIND #283

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,10 @@ ifeq (,$(filter $(CONFIG_SELF_INIT),true false))
$(error CONFIG_SELF_INIT must be true or false)
endif

ifeq (,$(filter $(CONFIG_UNSET_RTLD_DEEPBIND),true false))
$(error CONFIG_UNSET_RTLD_DEEPBIND must be true or false)
endif

CPPFLAGS += \
-DCONFIG_SEAL_METADATA=$(CONFIG_SEAL_METADATA) \
-DZERO_ON_FREE=$(CONFIG_ZERO_ON_FREE) \
Expand All @@ -108,7 +112,8 @@ CPPFLAGS += \
-DCONFIG_CLASS_REGION_SIZE=$(CONFIG_CLASS_REGION_SIZE) \
-DN_ARENA=$(CONFIG_N_ARENA) \
-DCONFIG_STATS=$(CONFIG_STATS) \
-DCONFIG_SELF_INIT=$(CONFIG_SELF_INIT)
-DCONFIG_SELF_INIT=$(CONFIG_SELF_INIT) \
-DCONFIG_UNSET_RTLD_DEEPBIND=$(CONFIG_UNSET_RTLD_DEEPBIND)

$(OUT)/libhardened_malloc$(SUFFIX).so: $(OBJECTS) | $(OUT)
$(CC) $(CFLAGS) $(LDFLAGS) -shared $^ $(LDLIBS) -o $@
Expand Down
7 changes: 7 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -279,6 +279,13 @@ The following boolean configuration options are available:
hardware, which may become drastically lower in the future. Whether or not
this feature is enabled, the metadata is all contained within an isolated
memory region with high entropy random guard regions around it.
* `CONFIG_UNSET_RTLD_DEEPBIND`: `true` or `false` (default) to control whether a
`dlopen` wrapper is included to improve compatibility on glibc-based systems.
When enabled, the wrapper unsets the `RTLD_DEEPBIND` flag to ensure libraries
loaded via `dlopen` see the preloaded `libhardened_malloc.so` symbols,
preventing allocator mixing and related crashes or partial security bypasses.
That's useful for PHP extensions, browser plugins, and other modular software.
This option has no effect on non-glibc systems (e.g., musl, Bionic).

The following integer configuration options are available:

Expand Down
1 change: 1 addition & 0 deletions config/default.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,3 +21,4 @@ CONFIG_CLASS_REGION_SIZE := 34359738368 # 32GiB
CONFIG_N_ARENA := 4
CONFIG_STATS := false
CONFIG_SELF_INIT := true
CONFIG_UNSET_RTLD_DEEPBIND := false
1 change: 1 addition & 0 deletions config/light.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,3 +21,4 @@ CONFIG_CLASS_REGION_SIZE := 34359738368 # 32GiB
CONFIG_N_ARENA := 4
CONFIG_STATS := false
CONFIG_SELF_INIT := true
CONFIG_UNSET_RTLD_DEEPBIND := false
15 changes: 15 additions & 0 deletions h_malloc.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2199,3 +2199,18 @@ COLD EXPORT void h_malloc_disable_memory_tagging(void) {
#endif
}
#endif

#if CONFIG_UNSET_RTLD_DEEPBIND

#if defined(__GLIBC__)
#include <dlfcn.h>

EXPORT void *dlopen(const char *filename, int flags)
{
void * (*original_dlopen)(const char *, int) = dlsym(RTLD_NEXT, "dlopen");
flags &= ~RTLD_DEEPBIND;
return original_dlopen(filename, flags);
}
#endif

#endif // CONFIG_UNSET_RTLD_DEEPBIND