public inbox for glibc-bugs@sourceware.org
From: "janderson at rice dot edu" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/30127] [rfe]: enable ld audit at run-time
Date: Sun, 26 Feb 2023 16:54:52 +0000
Message-ID: <bug-30127-131-4ixvSEwNFB@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-30127-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=30127

--- Comment #27 from Jonathon Anderson <janderson at rice dot edu> ---
(In reply to Stas Sergeev from comment #22)
> > This still doesn't solve the issue. Expanding a bit: say you load
> > dlload_audit_module("my_auditor"), then dlopen("libmylib.so") and
> > libmylib.so binds malloc from libc.so. my_auditor gets an la_objopen call
> > for libmylib.so but not libc.so. What do you do about the la_symbind
> > callback?:
> > - If you send an la_symbind to my_auditor, the defcook will be an
> > unrecognized cookie.
> > - If you skip the call, my_auditor won't be able to intercept malloc (and
> > all other libc functions).
> > - If you NULL the defcook, my_auditor won't be able to wrap malloc etc.
> > since it can't (reliably) get the "original" function it would bind to. And
> > it's an API break, so you need to bump LAV_CURRENT.
>
> In that case I think it would make
> sense to disable symbind and plt call-backs
> for such dynamic auditors?

There *will* be auditors that will not function properly under these
restrictions. At the very least there needs to be some kind of flag
presented to the auditor at la_version-time to let it know that it has been
loaded in this (very) degraded state, so the auditor has a chance to refuse
to load.

>
> > What is your proposed auditor supposed to do?
>
> It supposed to use these audit extensions
> https://sourceware.org/pipermail/libc-alpha/2023-February/145638.html
> and apply other solib loading customizations.
> But its not going to do anything after the
> load process, i.e. I don't need symbind/pltenter.
> I guess it would be fair to let the app-wide
> auditors to work with all libs, and have the
> dynamic auditors without any access to the
> "outer" libs?

So, IIUC you have an solib plugin (i.e. you don't control the application)
where you want/need to customize (a) the location the solib is loaded (or
where what the solib loads is loaded?) with la_premap and (b) the paths that
your plugin loads with la_objsearch.

Solibs are "position-independent" and should work no matter where they are
loaded (unless you're doing *really* dangerous and non-portable tricks with
function pointers). So (a) can only be a performance optimization, maybe
improving I-cache locality? IMHO it makes more sense to apply such an
optimization across the entire application. Or is there a reason why this
should only apply to your plugin?

(b) gives me bad vibes, it seems very easy to run into a situation where
dlopen->dlclose->dlopen will unexpectedly give you different binaries
between the two dlopen calls. la_objsearch also doesn't affect binaries that
are already loaded, e.g. if an earlier plugin loads a library you wanted to
replace you will have lost the chance to do so (and you won't even get a
callback warning that this is happening). IMHO it seems delicate unless
applied consistently across the entire application.

Is there a reason you can't manually adjust the paths your solib loads? Are
the wanted paths dynamically generated (like e.g. Spindle[1])?

[1]: https://computing.llnl.gov/projects/spindle

--
You are receiving this mail because:
You are on the CC list for the bug.
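The unrecognized-defcook case from the quoted comment, as an added example that is not part of the original message or of glibc: a minimal rtld-audit module that issues its own cookies in la_objopen and, in la_symbind64, refuses to dereference a cookie it never issued. The `struct obj` table, `lookup()`, `foreign_bind_count()` and `bind_count()` are hypothetical names; run-time loading of auditors as proposed in the bug is an assumption, so the foreign-cookie branch shows what such an auditor would have to defend against.

```c
#define _GNU_SOURCE
#include <link.h>
#include <stddef.h>
#include <stdint.h>

/* Build as an auditor: gcc -shared -fPIC audit.c -o audit.so
   then run a program with LD_AUDIT=./audit.so */
#define MAX_OBJS 64
struct obj { const char *name; unsigned binds_to; };  /* hypothetical record */
static struct obj objs[MAX_OBJS];
static unsigned n_objs, foreign_binds;

/* Return our record for a cookie, or NULL if we never issued it. */
static struct obj *lookup(uintptr_t cookie) {
    for (unsigned i = 0; i < n_objs; i++)
        if (cookie == (uintptr_t)&objs[i])
            return &objs[i];
    return NULL;
}

unsigned int la_version(unsigned int version) {
    (void)version;
    return LAV_CURRENT;
}

unsigned int la_objopen(struct link_map *map, Lmid_t lmid, uintptr_t *cookie) {
    (void)lmid;
    if (n_objs == MAX_OBJS)
        return 0;                     /* table full: no symbind for this object */
    objs[n_objs].name = map->l_name;
    *cookie = (uintptr_t)&objs[n_objs++];   /* cookie = pointer to our record */
    return LA_FLG_BINDTO | LA_FLG_BINDFROM;
}

uintptr_t la_symbind64(Elf64_Sym *sym, unsigned int ndx, uintptr_t *refcook,
                       uintptr_t *defcook, unsigned int *flags,
                       const char *symname) {
    (void)ndx; (void)refcook; (void)symname;
    struct obj *def = lookup(*defcook);
    if (def == NULL) {
        /* Defining object was never announced via la_objopen: count it,
           leave the binding alone and skip PLT hooks for this symbol. */
        foreign_binds++;
        *flags |= LA_SYMB_NOPLTENTER | LA_SYMB_NOPLTEXIT;
    } else {
        def->binds_to++;
    }
    return sym->st_value;             /* never redirect in this example */
}

unsigned foreign_bind_count(void) { return foreign_binds; }
unsigned bind_count(uintptr_t c) { struct obj *o = lookup(c); return o ? o->binds_to : 0; }
```

An auditor that instead cast `*defcook` straight to its own record type would read through a pointer it does not own in the libmylib.so/libc.so scenario above.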