author | simonb <simonb@chromium.org> | 2015-07-29 09:46:07 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-07-29 16:46:36 +0000 |
commit | 46943a6dc16d9c75388e3e41fedd9710d466ce51 (patch) | |
tree | a779a0c6188e939c99db7855dbff4275738791a7 /third_party/android_crazy_linker | |
parent | f04ff85d2b85833971ef7ca7f31f4fd5a1b1f3aa (diff) | |
Remove CVE-2011-1149 detection machinery.
Remove the check for kernel vulnerability CVE-2011-1149. Avoids
unnecessary processing on library load and some code complexity.
The vulnerability is fixed for all Androids supported by Chromium.
Details:
http://www.cvedetails.com/cve/CVE-2011-1149/
https://android-review.googlesource.com/#/c/15866/
Note: As implemented, this check would now, if it failed, entirely
prevent libraries from loading. A build with the crazy linker
enabled assumes that it is safe to both pack relocations and load
directly from apk. If the crazy linker then backed out to the
system linker at runtime the load would fail, because the system
linker (prior to Android M) does not handle these features.
BUG=
Review URL: https://codereview.chromium.org/1264623002
Cr-Commit-Position: refs/heads/master@{#340899}
Diffstat (limited to 'third_party/android_crazy_linker')
7 files changed, 2 insertions, 40 deletions
diff --git a/third_party/android_crazy_linker/README.chromium b/third_party/android_crazy_linker/README.chromium
index 838bb4a..9400fbd 100644
--- a/third_party/android_crazy_linker/README.chromium
+++ b/third_party/android_crazy_linker/README.chromium
@@ -84,3 +84,5 @@ Local Modifications:
 - Add a Breakpad "guard region" to the start of reserved address space.
+- Remove CVE-2011-1149 detection machinery.
+
diff --git a/third_party/android_crazy_linker/src/README.TXT b/third_party/android_crazy_linker/src/README.TXT
index bf05402..fc025eb 100644
--- a/third_party/android_crazy_linker/src/README.TXT
+++ b/third_party/android_crazy_linker/src/README.TXT
@@ -40,10 +40,6 @@ features compared to /system/bin/linker:
 it, but it is possible to use a single ashmem region to share the same data instead.
- WARNING: This feature will not work on certain older kernels. See
- the documentation for crazy_system_can_share_relro() for
- more details.
-
 See include/crazy_linker.h for the API and its documentation.
 See LICENSE file for full licensing details (hint: BSD)
diff --git a/third_party/android_crazy_linker/src/include/crazy_linker.h b/third_party/android_crazy_linker/src/include/crazy_linker.h
index 1ea8a0a..347cd7c 100644
--- a/third_party/android_crazy_linker/src/include/crazy_linker.h
+++ b/third_party/android_crazy_linker/src/include/crazy_linker.h
@@ -267,14 +267,6 @@ crazy_status_t crazy_library_get_info(crazy_library_t* library,
 crazy_context_t* context,
 crazy_library_info_t* info);
-// Checks whether the system can support RELRO section sharing. This is
-// mainly due to the fact that old Android kernel images have a bug in their
-// implementation of Ashmem region mapping protection.
-// If this function returns CRAZY_STATUS_FAILURE, then calls to
-// crazy_library_enable_relro_sharing() will return a failure to prevent
-// the exploitation of this security issue in your code.
-crazy_status_t crazy_system_can_share_relro(void);
-
 // Create an ashmem region containing a copy of the RELRO section for a given
 // |library|. This can be used with crazy_library_use_shared_relro().
 // |load_address| can be specified as non-0 to ensure that the content of the
diff --git a/third_party/android_crazy_linker/src/src/crazy_linker_api.cpp b/third_party/android_crazy_linker/src/src/crazy_linker_api.cpp
index 31b2a9a..d0ac3a5 100644
--- a/third_party/android_crazy_linker/src/src/crazy_linker_api.cpp
+++ b/third_party/android_crazy_linker/src/src/crazy_linker_api.cpp
@@ -283,16 +283,6 @@ crazy_status_t crazy_library_get_info(crazy_library_t* library,
 return CRAZY_STATUS_SUCCESS;
 }
-crazy_status_t crazy_system_can_share_relro(void) {
- crazy::AshmemRegion region;
- if (!region.Allocate(PAGE_SIZE, NULL) ||
- !region.SetProtectionFlags(PROT_READ) ||
- !crazy::AshmemRegion::CheckFileDescriptorIsReadOnly(region.fd()))
- return CRAZY_STATUS_FAILURE;
-
- return CRAZY_STATUS_SUCCESS;
-}
-
 crazy_status_t crazy_library_create_shared_relro(crazy_library_t* library,
 crazy_context_t* context,
 size_t load_address,
diff --git a/third_party/android_crazy_linker/src/tests/test_relocated_shared_relro.cpp b/third_party/android_crazy_linker/src/tests/test_relocated_shared_relro.cpp
index a3a5051..3ab297e 100644
--- a/third_party/android_crazy_linker/src/tests/test_relocated_shared_relro.cpp
+++ b/third_party/android_crazy_linker/src/tests/test_relocated_shared_relro.cpp
@@ -21,12 +21,6 @@ typedef void (*FunctionPtr)();
 int main() {
-
- if (!crazy_system_can_share_relro()) {
- fprintf(stderr, "WARNING: Test ignored due to broken kernel!!\n");
- return 0;
- }
-
 crazy_context_t* context = crazy_context_create();
 RelroLibrary foo;
diff --git a/third_party/android_crazy_linker/src/tests/test_shared_relro.cpp b/third_party/android_crazy_linker/src/tests/test_shared_relro.cpp
index 797bd0b..0876461 100644
--- a/third_party/android_crazy_linker/src/tests/test_shared_relro.cpp
+++ b/third_party/android_crazy_linker/src/tests/test_shared_relro.cpp
@@ -24,12 +24,6 @@ typedef void (*FunctionPtr)();
 int main() {
-
- if (!crazy_system_can_share_relro()) {
- fprintf(stderr, "WARNING: Test ignored due to broken kernel!!\n");
- return 0;
- }
-
 crazy_context_t* context = crazy_context_create();
 RelroLibrary foo;
diff --git a/third_party/android_crazy_linker/src/tests/test_two_shared_relros.cpp b/third_party/android_crazy_linker/src/tests/test_two_shared_relros.cpp
index eba0f01..388dfc7 100644
--- a/third_party/android_crazy_linker/src/tests/test_two_shared_relros.cpp
+++ b/third_party/android_crazy_linker/src/tests/test_two_shared_relros.cpp
@@ -23,12 +23,6 @@ typedef void (*FunctionPtr)();
 int main() {
-
- if (!crazy_system_can_share_relro()) {
- fprintf(stderr, "WARNING: Test ignored due to broken kernel!!\n");
- return 0;
- }
-
 crazy_context_t* context = crazy_context_create();
 RelroLibrary foo;
|