[Bug libc/26723] New: LD_ETC_IGNORE - environment variable to ignore /etc/ld.so.preload configuration file on a per-application basis

[Bug libc/26723] New: LD_ETC_IGNORE - environment variable to ignore /etc/ld.so.preload configuration file on a per-application basis

[adrelanos at riseup dot net]

https://sourceware.org/bugzilla/show_bug.cgi?id=26723

            Bug ID: 26723
           Summary: LD_ETC_IGNORE - environment variable to ignore
                    /etc/ld.so.preload configuration file on a
                    per-application basis
           Product: glibc
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: adrelanos at riseup dot net
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

/etc/ld.so.preload is great, however in some corner cases divergent settings
are required. (Such as set through LD_PRELOAD environment variable.)

In such cases there is no easy way to ignore the /etc/ld.so.preload
configuration file on a per-application basis. I.e. there is no command that
can easily be prepended to make libc ignore /etc/ld.so.preload.

Currently for example to ignore /etc/ld.so.preload containing contents
'/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so' one has to
run:

bwrap --dev-bind / / --tmpfs /usr/lib/libhardened_malloc.so program-name

Which is cumbersome and creating follow-up issues.

Would be good if one could run this:

LD_ETC_IGNORE=1 program-name

Or...

LD_ETC_IGNORE=1 LD_PRELOAD=/path/to/so program-name 

And then /etc/ld.so.preload [1] would be ignored.


[1] and /etc/ld.so.preload.d [2]

[2] https://sourceware.org/bugzilla/show_bug.cgi?id=24913

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/26723] LD_ETC_IGNORE - environment variable to ignore /etc/ld.so.preload configuration file on a per-application basis

[carlos at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=26723

Carlos O'Donell <carlos at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |carlos at redhat dot com

--- Comment #1 from Carlos O'Donell <carlos at redhat dot com> ---
(In reply to adrelanos from comment #0)
> /etc/ld.so.preload is great, however in some corner cases divergent settings
> are required. (Such as set through LD_PRELOAD environment variable.)

Divergent settings are issues that the application developer and the system
administrator need to work together on to resolve.

The point of /etc/ld.so.preload is to give system administrators a method for
enforcing preloading of certain required libraries.

The semantics of /etc/ld.so.preload are exactly that applications should not be
able to ignore them. Likewise /etc/ld.so.preload is the only mechanism to
preload objects for suid binaries.

> In such cases there is no easy way to ignore the /etc/ld.so.preload
> configuration file on a per-application basis. I.e. there is no command that
> can easily be prepended to make libc ignore /etc/ld.so.preload.

Correct, and that is only purpose.

> Currently for example to ignore /etc/ld.so.preload containing contents
> '/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so' one has to
> run:

You're not supposed to ignore that, your system admin set it up that way.

> bwrap --dev-bind / / --tmpfs /usr/lib/libhardened_malloc.so program-name
> 
> Which is cumbersome and creating follow-up issues.

What problem is the hardened malloc causing?

Why do you have to have it on the system?

-- 
You are receiving this mail because:
You are on the CC list for the bug.