From: Carlos O'Donell <carlos@redhat.com>
To: "Vivek Das Mohapatra" <vivek@collabora.com>
Cc: libc-alpha@sourceware.org
Subject: Re: [RFC][PATCH v1 0/5] Proof-of-Concept implementation of RTLD_SHARED for dlmopen
Date: Fri, 18 May 2018 20:03:00 -0000 [thread overview]
Message-ID: <0ce47505-10c2-a85a-4b73-9821d20a138d@redhat.com> (raw)
In-Reply-To: <alpine.DEB.2.20.1805182037460.8443@noise.cbg.collabora.co.uk>
On 05/18/2018 03:53 PM, Vivek Das Mohapatra wrote:
>> Now we have a few good win/win scenarios:
>>
>> * You can now force objects into a dlmopen namespace even if you link
>> Â directly with them by setting DT_LMNS to a value other than $.*
>> Â You would have to look these objects up to use them via a namespaced
>> Â dl_iterate_phtr?
>>
>> * You can add new objects to $PROXY if you want them to be exposed
>> Â through all of the namespaces too.
>>
>> Thoughts?
>
> Â - namespaced dl_iterate_phdr would make my life easier, so thumbs up.
>
> Â - need to refresh my memory regarding dl_map_object - I think we'd need
> Â Â to harvest this info in _dl_map_object_from_fd and set a flag in
> Â Â the struct for easy checking later (or maybe keep a list of
> Â Â must-proxy objects, sort of analogous to how RTLD_GLOBAL objects
> Â Â are tracked, I guess).
>
> Which reminds me - the code currently has a comment in it that says
> RTLD_GLOBAL is nonsensical for namespaces but this isn't exactly true:
> I think it makes sense for RTLD_GLOBAL to mean "use this for everything
> in the target namesapace" (Mesa libGL for example RTLD_GLOBAL dlopens
> _itself_ to export symbols to modules it is about to open, which I have
> to trap when isolating libGL).
I agree 100%.
The use of RTLD_GLOBAL is *absolutely* critical and it must be interpreted
to mean "GLOBAL within the namespace" as you imply.
There may be objects which use RTLD_GLOBAL which you cannot change but must
be able to load safely in a namespace.
> In effect, the $PROXY DT_LMNS DSOs become super-global (Solar?)
> and RTLD_GLOBAL is extended to mean "for this namespace".
Right. I think it's a bad design to allow objects to break out of the namespace
in a dynamic way, so I do not think we need RTLD_SUPER_GLOBAL which means to
add symbols to the base namespace.
However, I think that a compile-time, verifiable, DT_LMNS tag in .dynamic, can
be audited and verified from a security perspective to know that it will be
proxied to all namespaces.
Lastly we need test cases for things like using RTLD_GLOBAL within a namespace,
and using RTLD_SHARED, and nested dlopen within dlmopen, etc. etc. So you have
your work cutout, but I can probably help write some more test cases :-)
--
Cheers,
Carlos.
prev parent reply other threads:[~2018-05-18 20:03 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-16 17:11 Vivek Das Mohapatra
2018-05-16 17:11 ` [RFC][PATCH v1 1/5] bits/dlfcn.h: Declare and describe the dlmopen RTLD_SHARED flag Vivek Das Mohapatra
2018-05-18 18:37 ` Carlos O'Donell
2018-05-18 19:31 ` Vivek Das Mohapatra
2018-05-16 17:11 ` [RFC][PATCH v1 3/5] elf/dl-object.c: Implement a helper function to clone link_map entries Vivek Das Mohapatra
2018-05-20 2:48 ` Carlos O'Donell
2018-05-16 17:11 ` [RFC][PATCH v1 5/5] elf/dl-fini.c: Handle cloned link_map entries in the shutdown path Vivek Das Mohapatra
2018-05-18 19:09 ` Carlos O'Donell
2018-05-18 19:25 ` Vivek Das Mohapatra
2018-05-16 17:11 ` [RFC][PATCH v1 2/5] include/link.h: Update the link_map struct to allow clones Vivek Das Mohapatra
2018-05-18 18:47 ` Carlos O'Donell
2018-05-18 19:32 ` Vivek Das Mohapatra
2018-05-16 17:19 ` [RFC][PATCH v1 4/5] elf/dl-load.c, elf-dl-open.c: Implement RTLD_SHARED dlmopen cloning Vivek Das Mohapatra
2018-05-18 19:02 ` Carlos O'Donell
2018-05-18 19:20 ` Vivek Das Mohapatra
2018-05-16 19:30 ` [RFC][PATCH v1 0/5] Proof-of-Concept implementation of RTLD_SHARED for dlmopen Joseph Myers
2018-05-16 19:39 ` Vivek Das Mohapatra
2018-05-16 19:44 ` Carlos O'Donell
2018-05-16 19:46 ` Vivek Das Mohapatra
2018-05-16 20:39 ` Carlos O'Donell
2018-05-18 11:46 ` Vivek Das Mohapatra
2018-05-18 18:16 ` Carlos O'Donell
2018-05-16 19:44 ` Joseph Myers
2018-05-16 19:46 ` Vivek Das Mohapatra
2018-05-16 20:03 ` Vivek Das Mohapatra
2018-05-18 18:30 ` Carlos O'Donell
2018-05-18 19:06 ` Vivek Das Mohapatra
2018-05-18 19:26 ` Carlos O'Donell
2018-05-18 19:53 ` Vivek Das Mohapatra
2018-05-18 20:03 ` Carlos O'Donell [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0ce47505-10c2-a85a-4b73-9821d20a138d@redhat.com \
--to=carlos@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=vivek@collabora.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).