diff options
author | DJ Delorie <dj@delorie.com> | 2021-03-23 19:03:45 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-23 19:03:45 -0400 |
commit | 70ea259c603e0f84eda766be29d4259f1e8fe5b7 (patch) | |
tree | ff1fa5d5472682874c816a49fa28e12158b8537b | |
parent | f58e5ee63263657a7e8f2892d27c012a16facc1a (diff) | |
download | libffi-70ea259c603e0f84eda766be29d4259f1e8fe5b7.tar.gz |
Search $LIBFFI_TMPDIR also (#605)
Most temp file directories need to be hardened against execution, but
libffi needs execute privileges. Add a libffi-specific temp directory
that can be set up by sysadmins as needed with suitable permissions.
This both ensures that libffi will have a valid temp directory to use
as well as preventing attempts to access other directories.
-rw-r--r-- | doc/libffi.texi | 50 | ||||
-rw-r--r-- | src/closures.c | 1 |
2 files changed, 51 insertions, 0 deletions
diff --git a/doc/libffi.texi b/doc/libffi.texi index 79f9377..28f0e6a 100644 --- a/doc/libffi.texi +++ b/doc/libffi.texi @@ -65,6 +65,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. @menu * Introduction:: What is libffi? * Using libffi:: How to use libffi. +* Memory Usage:: Where memory for closures comes from. * Missing Features:: Things libffi can't do. * Index:: Index. @end menu @@ -970,6 +971,55 @@ Currently the only affected platform is PowerPC and the only affected type is @code{long double}. @end itemize +@node Memory Usage +@chapter Memory Usage + +Note that memory allocated by @code{ffi_closure_alloc} and freed by +@code{ffi_closure_free} does not come from the same general pool of +memory that @code{malloc} and @code{free} use. To accomodate security +settings, @samp{libffi} may aquire memory, for example, by mapping +temporary files into multiple places in the address space (once to +write out the closure, a second to execute it). The search follows +this list, using the first that works: + +@itemize @bullet + +@item +A anonymous mapping (i.e. not file-backed) + +@item +@code{memfd_create()}, if the kernel supports it. + +@item +A file created in the directory referenced by the environment variable +@code{LIBFFI_TMPDIR}. + +@item +Likewise for the environment variable @code{TMPDIR}. + +@item +A file created in @code{/tmp}. + +@item +A file created in @code{/var/tmp}. + +@item +A file created in @code{/dev/shm}. + +@item +A file created in the user's home directory (@code{$HOME}). + +@item +A file created in any directory listed in @code{/etc/mtab}. + +@item +A file created in any directory listed in @code{/proc/mounts}. + +@end itemize + +If security settings prohibit using any of these for closures, +@code{ffi_closure_alloc} will fail. + @node Missing Features @chapter Missing Features diff --git a/src/closures.c b/src/closures.c index 3a63c32..3558d78 100644 --- a/src/closures.c +++ b/src/closures.c @@ -695,6 +695,7 @@ static struct #ifdef HAVE_MEMFD_CREATE { open_temp_exec_file_memfd, "libffi", 0 }, #endif + { open_temp_exec_file_env, "LIBFFI_TMPDIR", 0 }, { open_temp_exec_file_env, "TMPDIR", 0 }, { open_temp_exec_file_dir, "/tmp", 0 }, { open_temp_exec_file_dir, "/var/tmp", 0 }, |