Conversation
Bionic's __libc_init_AT_SECURE walks the auxv on startup and calls __early_abort when AT_SECURE is missing, so guest binaries linked against Bionic abort immediately under elfuse. glibc and musl tolerate a missing entry, which is why no existing test caught this. Set the value to zero: elfuse never elevates guest privileges (no setuid/setgid or file-capability emulation), so there is no scenario in which secure-exec mode should be reported as on. Place the entry between AT_EGID and AT_HWCAP2 to match the kernel ordering. Bump LINUX_STACK_AUXV_WORDS_MAX from 40 to 48: the previous bound sat exactly at the post-fix maximum of 20 entries / 40 words, with zero headroom for future additions. Add a /proc/self/auxv probe to test-tier-a covering AT_SECURE presence and value. getauxval(3) returns 0 both for absent entries and for AT_SECURE=0, so the test must walk the raw auxv buffer with a partial-read-safe loop to distinguish the two cases. Reported by Doan Bao Trung <doanbaotrung@gmail.com> Close #26
Closed
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bionic's __libc_init_AT_SECURE walks the auxv on startup and calls __early_abort when AT_SECURE is missing, so guest binaries linked against Bionic abort immediately under elfuse. glibc and musl tolerate a missing entry, which is why no existing test caught this.
Set the value to zero: elfuse never elevates guest privileges (no setuid/setgid or file-capability emulation), so there is no scenario in which secure-exec mode should be reported as on. Place the entry between AT_EGID and AT_HWCAP2 to match the kernel ordering.
Bump LINUX_STACK_AUXV_WORDS_MAX from 40 to 48: the previous bound sat exactly at the post-fix maximum of 20 entries / 40 words, with zero headroom for future additions.
Add a /proc/self/auxv probe to test-tier-a covering AT_SECURE presence and value. getauxval(3) returns 0 both for absent entries and for AT_SECURE=0, so the test must walk the raw auxv buffer with a partial-read-safe loop to distinguish the two cases.
Close #26
Summary by cubic
Emit AT_SECURE in the auxv with value 0 to prevent Bionic-linked guests from aborting on startup. Also expand auxv capacity and add a test to verify presence and value.
AT_SECURE(0) between AT_EGID and AT_HWCAP2 to match kernel ordering.LINUX_STACK_AUXV_WORDS_MAXfrom 40 to 48 for headroom./proc/self/auxvto confirmAT_SECUREis present and zero (handles partial reads and avoidsgetauxval(3)ambiguity).Written for commit f9d0e05. Summary will update on new commits.