From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 9A6E93858CDB for ; Wed, 4 Oct 2023 20:55:21 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9A6E93858CDB Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696452921; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:content-type:content-type; bh=J9xxChBlN0MA54QHhIRwSKZq8GlSrkLHODNLwhLZm7E=; b=G199lFZ39yZ/1Y33TXWYNlmhBc+8MttMhX+Kjy3EzD4SRIsObRx7dLA6dQThnqTvJNVpt0 rNlzeRqftXS+MwJfoYZqfo8Yeqw4feCekeCrJ7ygzfslKvNfx3OS+yoUd3hbbuUl/NZM8o Q6JXZJIr9bWPmsQF/nRrIkTpTH2Tkt0= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-617-HHgJyWYgMyOja1SGxeeebg-1; Wed, 04 Oct 2023 16:55:19 -0400 X-MC-Unique: HHgJyWYgMyOja1SGxeeebg-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 9259D80418B for ; Wed, 4 Oct 2023 20:55:19 +0000 (UTC) Received: from greed.delorie.com (unknown [10.22.8.97]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 79184215670B for ; Wed, 4 Oct 2023 20:55:19 +0000 (UTC) Received: from greed.delorie.com.redhat.com (localhost [127.0.0.1]) by greed.delorie.com (8.15.2/8.15.2) with ESMTP id 394KtIEK757332; Wed, 4 Oct 2023 16:55:18 -0400 Date: Wed, 04 Oct 2023 16:55:18 -0400 Message-Id: From: DJ Delorie To: libc-alpha@sourceware.org Subject: RFC: system-wide default tunables X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="US-ASCII"; x-default=true X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Before I start on actual coding, I'm sharing my thoughts on this project to gain consensus... Problem: tunables are set by an environment variable, and may be limited by security settings, containerization, etc. Plus users may not assume that the env var is pre-set, and just overwrite it. Solution: Add a way to specify system-wide defaults for tunables. Ideas: * Specify some file or files in /etc that contain tunables settings. Follow the ld.so.conf patterns, allow subdirectories, etc. * Store tunables info in /etc/ld.so.cache in a new slot at the end, with a new enum for the chunk. This way older glibc will just ignore it. Parsing and storing will be done via ldconfig. * Values in ld.so.cache will be parsed but not range checked; that's dependent on what the glibc app expects. * read those, do range checking, and call callbacks at runtime * To speed processing, encode a hash for each tunable name, both in glibc's table (which is built at glibc build time) and in /etc/ld.so.cache. Comparing the hash typically fails but avoids a string compare. Matching hashes are followed by a string compare to verify. The hash need not be crypographically secure. * I'm not going to try to add some "syntax" to specify if a tunable is overridable or not; this is a simple default-only change. * Tunables set by these defaults will not be disabled for setuid programs; it's assumed they're a "trusted source".