public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
From: "fweimer at redhat dot com" <sourceware-bugzilla@sourceware.org> To: glibc-bugs@sourceware.org Subject: [Bug dynamic-link/30127] [rfe]: enable ld audit at run-time Date: Fri, 17 Feb 2023 12:46:52 +0000 [thread overview] Message-ID: <bug-30127-131-9CSEgnuayy@http.sourceware.org/bugzilla/> (raw) In-Reply-To: <bug-30127-131@http.sourceware.org/bugzilla/> https://sourceware.org/bugzilla/show_bug.cgi?id=30127 --- Comment #12 from Florian Weimer <fweimer at redhat dot com> --- (In reply to Stas Sergeev from comment #11) > (In reply to Florian Weimer from comment #10) > > I think for experimentation, you can use the link map as a dlopen handle > > directly, and pass it to dlsym, for example. > > That finally works, thank you. > So with that and the patches already posted to ML, > I can at least start prototyping some code. > > > > We need to gather consensus that this is the way to do it, and document it. > > Presently, it's an undocumented implementation detail. > > > > We also need to use a dedicated link map allocator which only reuses, but > > not frees, the underlying storiage, so that it becomes safe to traverse the > > _r_debug lists, despite concurrent dlopen/dlcose operation. > > But I hope the traversal of _r_debug list > will not became the official solution, just > as well as using linkmap pointers directly. Why? The handles are void *, so there isn't any type-checking today, and it's hard to tell how many applications assume this undocumented equivalence. Maybe we shouldn't commit to the other direction of reuse (casting a dlopen handle to struct link_map *), that's a separate decision. > So maybe you don't need such an allocator, > but of course I am not aware of a use-case > you are referring to. There's no lock that synchronizes the traversal of _r_debug with concurrent dlopen/dlclose. Introducing that is difficult. Such locks are easily misused, and there is no precedent for exposing glibc locks in this way. > > There should also be a way to obtain a stable handle from a link map > > pointer. Using dlopen with RTLD_NOLOAD seems about right for that. > > So do you want this patch to get that working > right here right now: > > --- a/elf/dl-open.c > +++ b/elf/dl-open.c > @@ -872,7 +872,8 @@ no more namespaces available for dlmopen()")); > DL_NNS is 1 and so any NSID != 0 is invalid. */ > || DL_NNS == 1 > || GL(dl_ns)[nsid]._ns_nloaded == 0 > - || GL(dl_ns)[nsid]._ns_loaded->l_auditing)) > + || (GL(dl_ns)[nsid]._ns_loaded->l_auditing && > + !(mode & RTLD_NOLOAD)))) > _dl_signal_error (EINVAL, file, NULL, > N_("invalid target namespace in dlmopen()")); > > I tested that patch and it works. > Test-suit shows no regressions. I think we need to do a pass first with pointer-comparison because the names are not unique per namespace. > Also what do you think about the aforementioned > void *dlaudit_load_module(const char *path, int flags); > void *dlopen_audit(const char *path, int flags, void *cookie); > extensions? They seem to have poor encapsulation. If more than one module uses them, the auditor registered in that way might see unexpected auditing events, with unrecognizable cookies. -- You are receiving this mail because: You are on the CC list for the bug.
next prev parent reply other threads:[~2023-02-17 12:46 UTC|newest] Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-02-15 8:23 [Bug dynamic-link/30127] New: " stsp at users dot sourceforge.net 2023-02-16 18:42 ` [Bug dynamic-link/30127] " fweimer at redhat dot com 2023-02-17 2:54 ` stsp at users dot sourceforge.net 2023-02-17 7:17 ` stsp at users dot sourceforge.net 2023-02-17 8:08 ` fweimer at redhat dot com 2023-02-17 8:38 ` stsp at users dot sourceforge.net 2023-02-17 8:56 ` fweimer at redhat dot com 2023-02-17 9:32 ` stsp at users dot sourceforge.net 2023-02-17 9:38 ` stsp at users dot sourceforge.net 2023-02-17 9:44 ` stsp at users dot sourceforge.net 2023-02-17 10:23 ` fweimer at redhat dot com 2023-02-17 10:59 ` stsp at users dot sourceforge.net 2023-02-17 12:46 ` fweimer at redhat dot com [this message] 2023-02-17 13:43 ` schwab@linux-m68k.org 2023-02-17 13:55 ` stsp at users dot sourceforge.net 2023-02-17 13:57 ` stsp at users dot sourceforge.net 2023-02-20 8:33 ` fweimer at redhat dot com 2023-02-21 15:39 ` stsp at users dot sourceforge.net 2023-02-21 19:43 ` janderson at rice dot edu 2023-02-21 20:09 ` stsp at users dot sourceforge.net 2023-02-22 16:46 ` stsp at users dot sourceforge.net 2023-02-23 16:02 ` janderson at rice dot edu 2023-02-23 16:35 ` stsp at users dot sourceforge.net 2023-02-24 18:02 ` stsp at users dot sourceforge.net 2023-02-25 16:57 ` stsp at users dot sourceforge.net 2023-02-25 18:49 ` carlos at redhat dot com 2023-02-25 19:00 ` stsp at users dot sourceforge.net 2023-02-26 16:54 ` janderson at rice dot edu 2023-02-26 17:22 ` stsp at users dot sourceforge.net 2023-02-26 19:22 ` stsp at users dot sourceforge.net 2023-03-02 14:39 ` stsp at users dot sourceforge.net 2023-03-02 16:13 ` janderson at rice dot edu 2023-03-02 19:56 ` stsp at users dot sourceforge.net 2023-03-03 6:20 ` janderson at rice dot edu 2023-03-03 12:36 ` stsp at users dot sourceforge.net 2023-03-04 11:33 ` stsp at users dot sourceforge.net 2023-03-06 9:12 ` janderson at rice dot edu 2023-03-06 10:09 ` stsp at users dot sourceforge.net 2023-03-06 10:56 ` stsp at users dot sourceforge.net 2023-03-07 8:54 ` janderson at rice dot edu 2023-03-07 16:50 ` stsp at users dot sourceforge.net 2023-03-12 8:42 ` stsp at users dot sourceforge.net 2023-03-13 9:22 ` janderson at rice dot edu 2023-03-13 9:41 ` janderson at rice dot edu 2023-03-13 10:01 ` stsp at users dot sourceforge.net 2023-03-13 10:46 ` stsp at users dot sourceforge.net 2023-03-13 11:17 ` stsp at users dot sourceforge.net 2023-03-13 20:26 ` stsp at users dot sourceforge.net 2023-03-14 15:11 ` stsp at users dot sourceforge.net 2023-03-15 5:34 ` janderson at rice dot edu
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-30127-131-9CSEgnuayy@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=glibc-bugs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).