From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: by sourceware.org (Postfix, from userid 48) id 64FB83836CF9; Mon, 20 Feb 2023 11:00:50 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 64FB83836CF9
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1676890850;
 bh=/LHSgmU+z0telpUouWKQkPlIJnfZxve09mxf1/PsXKk=;
 h=From:To:Subject:Date:In-Reply-To:References:From;
 b=ZABtevcXmwF8zV+rzXjmxxcwNi4dblKlAXu7HYgHHosrqL6sYkFN0L7jpOpsSPjCS
 WTJYcJ5m+qf5Ao+JymDb4eFDNqmS0WIWxijyrcQlXTrqQH4IT0w3n4tCpRmbPPGJN+
 2jhS0+Kw7Us3VabI0sErEkyj0bAXd3V/6hBPD7Hk=
From: "fweimer at redhat dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/30134] DT_AUDIT is ignored for dlopen()ed solib
Date: Mon, 20 Feb 2023 11:00:49 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: dynamic-link
X-Bugzilla-Version: 2.38
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: fweimer at redhat dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution:
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security-
X-Bugzilla-Changed-Fields:
Message-ID:
In-Reply-To:
References:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id:

https://sourceware.org/bugzilla/show_bug.cgi?id=30134

--- Comment #4 from Florian Weimer ---
(In reply to Stas Sergeev from comment #2)
> (In reply to Florian Weimer from comment #1)
> > The link editor (ld) is expected to
> > copy audit entries to the main program as DT_DEPAUDIT entries, so that the
> > auditors are loaded at run time. But that only works for explicit linking,
> > it fails with dlopen.
>
> It is possible to implement DT_AUDIT for
> dlopen(), isn't it?

Maybe in theory, but it's not how the current implementation is structured. It
depends on an auditing flag in RELRO memory for hardening, so that the auditing
(function) pointers cannot be overwritten if the process did not start with
auditing enabled.

We would also have to figure out all the small corner cases and work out what
to do for them. For example, auditing is currently a process-global operation,
and the auditing modules are never unloaded after being created. Adding dlopen
support might change that: auditing could perhaps be restricted to the local
search scope, and dlclose might unload the auditor as well. Or not, it's hard
to tell without some exploration.

We also have hard limits on the number of auditors. The explicit one (namespace
count) is perhaps somewhat easy to overcome, but there is also the static TLS
space consumption by new auditing namespaces.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
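
To see which of the two tags discussed above a given object actually carries, the dynamic section can be read directly. This is an added example, not code from the bug report or from glibc: `audit_entries` and `sample_elf` are hypothetical names, the parser assumes a little-endian ELF64 file, the tag values are the ones in `<elf.h>`, and the test image is constructed inline.

```python
import struct

PT_LOAD, PT_DYNAMIC, DT_NULL, DT_STRTAB = 1, 2, 0, 5
DT_DEPAUDIT, DT_AUDIT = 0x6FFFFEFB, 0x6FFFFEFC  # tag values from <elf.h>
PHDR, DYN = "<IIQQQQQQ", "<qQ"  # Elf64_Phdr and Elf64_Dyn layouts

def audit_entries(elf: bytes) -> dict:
    """List the DT_AUDIT / DT_DEPAUDIT strings of a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (phoff,) = struct.unpack_from("<Q", elf, 0x20)           # e_phoff
    phentsize, phnum = struct.unpack_from("<HH", elf, 0x36)  # e_phentsize, e_phnum
    # Each tuple: type, flags, offset, vaddr, paddr, filesz, memsz, align
    phdrs = [struct.unpack_from(PHDR, elf, phoff + i * phentsize) for i in range(phnum)]
    out = {"DT_AUDIT": [], "DT_DEPAUDIT": []}
    dyn = next((p for p in phdrs if p[0] == PT_DYNAMIC), None)
    if dyn is None:
        return out  # no PT_DYNAMIC segment, so no audit tags
    tags = []
    for off in range(dyn[2], dyn[2] + dyn[5], 16):
        tag, val = struct.unpack_from(DYN, elf, off)
        if tag == DT_NULL:
            break
        tags.append((tag, val))
    strtab_va = next((v for t, v in tags if t == DT_STRTAB), None)
    # DT_STRTAB is a virtual address; map it to a file offset via its PT_LOAD.
    seg = next((p for p in phdrs if p[0] == PT_LOAD and strtab_va is not None
                and p[3] <= strtab_va < p[3] + p[5]), None)
    if seg is None:
        return out  # malformed: string table not backed by file data
    strtab = strtab_va - seg[3] + seg[2]
    for tag, val in tags:
        if tag in (DT_AUDIT, DT_DEPAUDIT):
            end = elf.index(b"\0", strtab + val)
            key = "DT_AUDIT" if tag == DT_AUDIT else "DT_DEPAUDIT"
            out[key].append(elf[strtab + val:end].decode())
    return out

def sample_elf(tag: int, value: bytes, base: int = 0x1000) -> bytes:
    """Constructed image: ELF header, PT_LOAD + PT_DYNAMIC, strtab, dynamic."""
    strtab = b"\0" + value + b"\0"
    s_off, d_off = 176, 176 + len(strtab)  # 64-byte header + two 56-byte phdrs
    dyn = struct.pack("<qQqQqQ", DT_STRTAB, base + s_off, tag, 1, DT_NULL, 0)
    end = d_off + len(dyn)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    load = struct.pack(PHDR, PT_LOAD, 4, 0, base, base, end, end, 0x1000)
    pdyn = struct.pack(PHDR, PT_DYNAMIC, 4, d_off, base + d_off, base + d_off, len(dyn), len(dyn), 8)
    return ehdr + load + pdyn + strtab + dyn
```

Running `audit_entries` over a main program and over the objects it loads with dlopen shows where a DT_AUDIT entry exists on a library without a matching DT_DEPAUDIT entry on the program.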