public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed
* RFC: does ld.so.preload still make sense?
@ 2023-07-24 17:34 Adhemerval Zanella Netto
  2023-07-25  9:39 ` Martin Jambor
  2023-07-25 16:34 ` Florian Weimer
  0 siblings, 2 replies; 3+ messages in thread
From: Adhemerval Zanella Netto @ 2023-07-24 17:34 UTC (permalink / raw)
  To: libc-alpha

As comment suggests it should be only used for emergencies and testing,
as it is a non-configurable file path that works even for SUID binaries
(there is no way to disable it nor to change the its patch without 
patching glibc).

It is also not properly document on the manual, although man-pages does
have an entry with a proper explanation.  I am not sure it should be
considered as a security liability, however it is an extra performance
hit on *every* program execution for a very specific and not really
deployed feature.

Is this still useful in current scenarios, as debug tool to fix 
misconfigured systems? Or should we remove it?

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: RFC: does ld.so.preload still make sense?
  2023-07-24 17:34 RFC: does ld.so.preload still make sense? Adhemerval Zanella Netto
@ 2023-07-25  9:39 ` Martin Jambor
  2023-07-25 16:34 ` Florian Weimer
  1 sibling, 0 replies; 3+ messages in thread
From: Martin Jambor @ 2023-07-25  9:39 UTC (permalink / raw)
  To: Adhemerval Zanella Netto; +Cc: libc-alpha

Hello,

On Mon, Jul 24 2023, Adhemerval Zanella Netto via Libc-alpha wrote:
> As comment suggests it should be only used for emergencies and testing,
> as it is a non-configurable file path that works even for SUID binaries
> (there is no way to disable it nor to change the its patch without 
> patching glibc).
>
> It is also not properly document on the manual, although man-pages does
> have an entry with a proper explanation.  I am not sure it should be
> considered as a security liability, however it is an extra performance
> hit on *every* program execution for a very specific and not really
> deployed feature.
>
> Is this still useful in current scenarios, as debug tool to fix 
> misconfigured systems? Or should we remove it?

SUSE now uses it in order to load libpulp[1] into all processes to
facilitate user-space live-patching (when the administrator opts-in by
installing a special package).

So we would be very much against removal of the config file.

Thanks,

Martin


[1] https://github.com/SUSE/libpulp

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: RFC: does ld.so.preload still make sense?
  2023-07-24 17:34 RFC: does ld.so.preload still make sense? Adhemerval Zanella Netto
  2023-07-25  9:39 ` Martin Jambor
@ 2023-07-25 16:34 ` Florian Weimer
  1 sibling, 0 replies; 3+ messages in thread
From: Florian Weimer @ 2023-07-25 16:34 UTC (permalink / raw)
  To: Adhemerval Zanella Netto via Libc-alpha; +Cc: Adhemerval Zanella Netto

* Adhemerval Zanella Netto via Libc-alpha:

> As comment suggests it should be only used for emergencies and testing,
> as it is a non-configurable file path that works even for SUID binaries
> (there is no way to disable it nor to change the its patch without 
> patching glibc).
>
> It is also not properly document on the manual, although man-pages does
> have an entry with a proper explanation.  I am not sure it should be
> considered as a security liability, however it is an extra performance
> hit on *every* program execution for a very specific and not really
> deployed feature.
>
> Is this still useful in current scenarios, as debug tool to fix 
> misconfigured systems? Or should we remove it?

Does the Raspberry Pi still use it?  If I reclal correctly, historically
they used this approach to install their optimized string routines
because they didn't want to patch glibc for some reason.

Thanks,
Florian


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-07-25 16:35 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-24 17:34 RFC: does ld.so.preload still make sense? Adhemerval Zanella Netto
2023-07-25  9:39 ` Martin Jambor
2023-07-25 16:34 ` Florian Weimer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).