From 08d72226f4cf31025a2510bca580fc07f1434412 Mon Sep 17 00:00:00 2001 From: Alex Hornung Date: Tue, 1 Sep 2009 10:42:56 +0100 Subject: [PATCH] ELF - allow execution of shared objects * Allow execution of shared ELF objects by default. * Add a sysctl kern.elf_exec_dyn, default to 1, to control permission to execute shared elf objects. * Incidentally, this also makes PIE work, at least for basic testcases as ncal, whereis, ... Obtained-from: FreeBSD Reported-By: Hasso Tepper --- sys/kern/imgact_elf.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c index 810d61d236..407db31f40 100644 --- a/sys/kern/imgact_elf.c +++ b/sys/kern/imgact_elf.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1995-1996 Søren Schmidt + * Copyright (c) 1995-1996 Søren Schmidt * Copyright (c) 1996 Peter Wemm * All rights reserved. * @@ -525,6 +525,11 @@ SYSCTL_INT(_kern, OID_AUTO, fallback_elf_brand, CTLFLAG_RW, &fallback_elf_brand, -1, "ELF brand of last resort"); +static int can_exec_dyn = 1; +SYSCTL_INT(_kern, OID_AUTO, elf_exec_dyn, CTLFLAG_RW, + &can_exec_dyn, 1, + "ELF: can exec shared libraries"); + static int exec_elf_imgact(struct image_params *imgp) { @@ -547,8 +552,10 @@ exec_elf_imgact(struct image_params *imgp) /* * Do we have a valid ELF header ? + * We allow execution of ET_EXEC and, if kern.elf_exec_dyn is 1, ET_DYN. */ - if (elf_check_header(hdr) != 0 || hdr->e_type != ET_EXEC) + if (elf_check_header(hdr) != 0 || + (hdr->e_type != ET_EXEC && (!can_exec_dyn || hdr->e_type != ET_DYN))) return -1; /* -- 2.11.4.GIT