Hi,
Digging into the unwinding code, I found that by default some DEBUG code
is enabled (the NDEBUG preprocessor macro isn't defined).
The debug code consists of a logging/tracing feature activated by the
presence of environment variables (without any issetugid(2) check), and
some unconditional logging on failure for the ::pthread_rwlock_*lock
function family.
lib/libunwind/src/libunwind.cpp :
352 _LIBUNWIND_HIDDEN
353 bool logAPIs() {
354 // do manual lock to avoid use of _cxa_guard_acquire or initializers
355 static bool checked = false;
356 static bool log = false;
357 if (!checked) {
358 log = (getenv("LIBUNWIND_PRINT_APIS") != NULL);
359 checked = true;
360 }
361 return log;
362 }
363
364 _LIBUNWIND_HIDDEN
365 bool logUnwinding() {
366 // do manual lock to avoid use of _cxa_guard_acquire or initializers
367 static bool checked = false;
368 static bool log = false;
369 if (!checked) {
370 log = (getenv("LIBUNWIND_PRINT_UNWINDING") != NULL);
371 checked = true;
372 }
373 return log;
374 }
Once activated, the library will output to stderr log or tracing
information.
lib/libunwind/src/config.h :
86 #define _LIBUNWIND_LOG(msg, ...) fprintf(stderr, "libuwind: " msg,
__VA_ARGS__)
87
88 // Macros that define away in non-Debug builds
89 #ifdef NDEBUG
90 #define _LIBUNWIND_DEBUG_LOG(msg, ...)
91 #define _LIBUNWIND_TRACE_API(msg, ...)
92 #define _LIBUNWIND_TRACING_UNWINDING 0
93 #define _LIBUNWIND_TRACE_UNWINDING(msg, ...)
94 #define _LIBUNWIND_LOG_NON_ZERO(x) x
95 #else
...
104 #define _LIBUNWIND_DEBUG_LOG(msg, ...) _LIBUNWIND_LOG(msg,
__VA_ARGS__)
105 #define _LIBUNWIND_LOG_NON_ZERO(x) \
106 do { \
107 int _err = x; \
108 if ( _err != 0 ) \
109 _LIBUNWIND_LOG("" #x "=%d in %s", _err, __FUNCTION__); \
110 } while (0)
111 #define _LIBUNWIND_TRACE_API(msg, ...) \
112 do { \
113 if ( logAPIs() ) _LIBUNWIND_LOG(msg, __VA_ARGS__); \
114 } while(0)
115 #define _LIBUNWIND_TRACE_UNWINDING(msg, ...) \
116 do { \
117 if ( logUnwinding() ) _LIBUNWIND_LOG(msg, __VA_ARGS__); \
118 } while(0)
Regarding unwinding is C++ stuff, programs in base shoudn't be really
impacted. But such code shouldn't be available per default or at least
not in setuid code.
The following diff adds -DNDEBUG when building libcxxabi (libunwind is
part of it). If I correctly understand the cmake stuff, having -DNDEBUG
is the default for release build.
Alternatively, issetugid() calls could be added in libunwind.cpp.
Thanks.
--
Sebastien Marie
Index: lib/libcxxabi/Makefile
===================================================================
RCS file: /cvs/src/lib/libcxxabi/Makefile,v
retrieving revision 1.8
diff -u -p -r1.8 Makefile
--- lib/libcxxabi/Makefile 17 Apr 2017 15:53:21 -0000 1.8
+++ lib/libcxxabi/Makefile 30 Jul 2017 10:00:21 -0000
@@ -46,7 +46,7 @@ SRCS+= abort_message.cpp\
libunwind.cpp
CPPFLAGS+= -I${SHDRDIR} -I${HDRDIR} -I${UHDRDIR}
-CPPFLAGS+= -D_LIBUNWIND_IS_NATIVE_ONLY
+CPPFLAGS+= -D_LIBUNWIND_IS_NATIVE_ONLY -DNDEBUG
CFLAGS+= -nostdlib -funwind-tables
CXXFLAGS+= -nostdlib -nostdinc++ -funwind-tables
.if empty(CXXFLAGS:M-std=*)
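Review bot: The `-DNDEBUG` added on the second `CPPFLAGS+=` line has no comment saying it is there for a security reason, so a later cleanup could drop it and silently bring back the getenv()-driven tracing that runs without an issetugid(2) check. I would put a comment above it such as `# NDEBUG: compile out libunwind's LIBUNWIND_PRINT_* env-driven tracing (no issetugid check)`. Because CPPFLAGS applies to every source built by this Makefile, the flag presumably also turns `assert()` into a no-op across libcxxabi and libunwind. Per the quoted config.h it also reduces `_LIBUNWIND_LOG_NON_ZERO(x)` to a bare `x`, so a failing rwlock call is no longer reported at all. It is worth confirming that nothing in these sources relies on those checks before the flag is applied library-wide.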