From: "stsp at users dot sourceforge.net"
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/30127] [rfe]: enable ld audit at run-time
Date: Tue, 21 Feb 2023 20:09:52 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=30127

--- Comment #19 from Stas Sergeev ---
(In reply to Jonathon Anderson from comment #18)
> void la_preinit(uintptr_t* cookie) {
>   void* h = dlmopen(LM_ID_BASE, NULL, RTLD_LAZY | RTLD_NOLOAD);
>   void (*hook)() = dlsym(h, "_auditor_hook");
>   hook(...);
> }

Well, yes, auditor_hook is a viable solution perhaps in some cases. Though in my case the auditor is brought in with a solib plugin, not with the main application.
And currently DT_AUDIT is not supported for solibs, see #30134. And even if #30134 is fixed, will you be able to resolve the auditor hook with LM_ID_BASE if it is in an RTLD_LOCAL solib rather than in a main executable? I think not, so the scope of your solution is quite limited.

> I'm a bit confused how the proposed interface would provide a better (or
> alternate) solution to the problem.

By doing

void *auditor_handle = dlload_audit_module("my_module", 0);
void (*auditor_cb)(void) = dlsym(auditor_handle, "auditor_control_interface");

Just as simple as that. :)

> Echoing a few of Florian's concerns, if
> you load an auditor after the application has been running for a time, you
> run a large risk of being passed an unrecognizable cookie (since the
> la_objopen callbacks are fired before the auditor is loaded).

Good point, so I'll adjust the patch to not call the auditor for the lib for which he missed the initial cookie... which doesn't look simple. :) Oh, will think... Thanks!
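
The unrecognizable-cookie concern quoted above, seen from the auditor's side, as an added example that is not code from this thread or from glibc: the auditor records every cookie slot it receives in la_objopen and refuses to treat any other cookie as its own state. The names obj_state, state_for, unknown_cookie_hits and MAX_OBJS are hypothetical; only la_objclose is shown, and the same check applies to any callback that receives a cookie.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* the audit interface is a GNU extension */
#endif
#include <link.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_OBJS 256             /* assumption: fixed table, enough for a demo */

struct obj_state { uintptr_t *slot; const char *name; };   /* hypothetical */
static struct obj_state objs[MAX_OBJS];
static unsigned long unknown_hits;

/* Return our state only if la_objopen registered this exact cookie slot. */
struct obj_state *state_for(uintptr_t *cookie)
{
    if (cookie == NULL)
        return NULL;
    for (size_t i = 0; i < MAX_OBJS; i++)
        if (objs[i].slot == cookie && *cookie == (uintptr_t)&objs[i])
            return &objs[i];
    return NULL;
}

unsigned long unknown_cookie_hits(void) { return unknown_hits; }

unsigned int la_version(unsigned int version) { return version; }

/* lmid is Lmid_t, which glibc defines as long int. */
unsigned int la_objopen(struct link_map *map, long lmid, uintptr_t *cookie)
{
    (void)lmid;
    for (size_t i = 0; i < MAX_OBJS; i++)
        if (objs[i].slot == NULL) {
            objs[i].slot = cookie;
            objs[i].name = map->l_name;
            *cookie = (uintptr_t)&objs[i];   /* our private per-object state */
            break;
        }
    return 0;                    /* no symbol-binding audit requested */
}

unsigned int la_objclose(uintptr_t *cookie)
{
    struct obj_state *st = state_for(cookie);
    if (st == NULL) {            /* object opened before we were loaded */
        unknown_hits++;
        return 0;                /* never use *cookie as our pointer */
    }
    st->slot = NULL;             /* free the table entry */
    return 0;
}
```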