From: Eric Blake <eblake@redhat.com>
To: Florian Weimer <fweimer@redhat.com>
Cc: libc-help@sourceware.org,
"libguestfs@redhat.com" <libguestfs@redhat.com>
Subject: Re: [Libguestfs] alternatives for hooking dlopen() without LD_LIBRARY_PATH or LD_AUDIT?
Date: Fri, 21 Feb 2020 13:26:00 -0000 [thread overview]
Message-ID: <66f90219-e8ff-0223-6d55-c19f0609302c@redhat.com> (raw)
In-Reply-To: <8736b4jfop.fsf@oldenburg2.str.redhat.com>
On 2/21/20 6:19 AM, Florian Weimer wrote:
> * Eric Blake:
>
>> So with that said, here's a question I just thought of:
>>
>> If your patch for glibc support for DT_AUDIT is incorporated, is it
>> possible to mark a shared library as its own audit library via
>> DT_AUDIT? That is, if nbdkit-vddk-plugin.so can provide entry points
>> for _both_ the nbdkit interface (which satisfies dlopen() from the
>> nbdkit binary) and la_version/la_objsearch() (which satisfy the
>> requirements for use from the audit code in ld.so), _and_ during the
>> compilation of nbdkit-vddk-plugin.so, we marked the library as its own
>> DT_AUDIT entry, would the mere act of dlopen("nbdkit-vddk-plugin.so")
>> from nbdkit be sufficient to trigger audit actions such as
>> la_objsearch() on all subsequent shared loads (whether by dlopen() or
>> DT_NEEDED) performed by nbdkit-vddk-plugin.so and its descendant
>> loaded libraries?
>
> So you want to dlopen nbdkit-vddk-plugin.so and launch a new auditor
> even if the process so far hasn't used auditing? And the main program
> (which links agains a library which eventually makes this dlopen call)
> would not know anything about the existence of this specific plugin and
> auditing?
Yes, you interpreted my question correctly.
>
> This isn't currently supported. It's not just that the glibc
> implementation cannot do it. The audit API (as sketched in <link.h>) is
> not a good fit for late loading where you have never observed open
> events. It pretty much assumes that auditors are loaded magically
> *before* program start, so that they can observe all open calls and set
> up their own data structures along the way.
The concern is not about nbdkit loading nbdkit-vddk-plugin.so, but
nbdkit-vddk-plugin.so doing subsequent loads of libvixDiskLib.so and its
bare dependencies on libstdc++.so and such that were incorrectly built
without DT_RUNPATH, but where we can't rewrite libvixDiskLib.so because
it is proprietary, so the best we can do is hook the loading environment
(either by la_objsearch or by re-exec with LD_LIBRARY_PATH).
>
> I think what confuses me is that keep talking about a single binary, but
> clearly there is this separate vddk DSO, and there is talk of plugins.
> So it seems to me that multiple files are involved already?
You are correct that there are multiple files involved:
The nbdkit project currently has 2 relevant files: 'nbdkit' and
'nbdkit-vddk-plugin.so' (and various other plugins, but those are not
relevant to the VDDK use case)
The VDDK project from VMware: multiple files: libvixDiskLib.so (primary
interface), which dlopen()s libdiskLibPlugin.so, which in turn has
DT_NEEDED on libstdc++.so and several other recompiled system libraries.
'find vmware-vix-disklib-distrib/lib64/ -type f | wc' shows 23 libraries
total, but the end user installs it as a single tarball from VMware.
We can't change what VDDK ships, but we want to avoid making the nbdkit
portion change from 2 files into 3, as every additional file required
beyond what VMware ships is that much more burden for a user to choose
to use nbdkit for accessing their VMware disks.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
next prev parent reply other threads:[~2020-02-21 13:26 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-14 19:02 Eric Blake
2020-02-14 21:29 ` [Libguestfs] " Eric Blake
2020-02-14 22:20 ` Carlos O'Donell
2020-02-17 15:04 ` Eric Blake
2020-02-17 15:12 ` Florian Weimer
2020-02-18 21:32 ` Eric Blake
2020-02-21 12:19 ` Florian Weimer
2020-02-21 13:26 ` Eric Blake [this message]
2020-02-21 14:51 ` Richard W.M. Jones
2020-02-21 15:00 ` Florian Weimer
2020-02-21 15:40 ` Richard W.M. Jones
2020-02-21 16:02 ` Florian Weimer
2020-02-21 17:42 ` Richard W.M. Jones
2020-02-21 20:28 ` Eric Blake
2020-02-21 20:21 ` Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=66f90219-e8ff-0223-6d55-c19f0609302c@redhat.com \
--to=eblake@redhat.com \
--cc=fweimer@redhat.com \
--cc=libc-help@sourceware.org \
--cc=libguestfs@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).